Additional victims of the MOVEit attack campaign are coming forward weeks after the first vulnerability was disclosed, resulting in the breach of millions of records.
More than 100 organizations have been impacted by MOVE it-related attacks, threat analyst Brett Callow told Cybersecurity Dive, via email.
Genworth Financial said hackers stole the private data of between 2.5 million and 2.7 million life insurance policyholders as a result of attacks linked to the MOVEit file transfer vulnerabilities, according to a Thursday filing with the Securities and Exchange Commission.
PBI Research Services, a third-party vendor that works with Genworth Financial, uses MOVEit and notified the insurance provider about the compromise, according to the filing. The leaked data includes social security numbers.
Genworth uses PBI for its life insurance business to search databases to identify the deaths of insured policyholders, meeting regulatory obligations. Genworth said the attack on PBI has not had any impact on its internal systems and has not caused any disruption to its businesses.
PBI could not be immediately reached for comment.
Meanwhile, the Clop ransomware gang has posted names of additional companies targeted in connection to the MOVEit vulnerabilities, including PwC and EY.
PwC said it used the software “in a limited number of client engagements,” according to a spokesperson. The company stopped using the software once it learned of the incident.
“Our investigation has shown that PwCs own IT network has not been compromised and that MOVEit’s vulnerability has had a limited impact on PwC,” the spokesperson said via email.
The company has reached out to the "small number of clients whose files were impacted ” to discuss the incident.
EY officials said they began investigating immediately after the zero-day vulnerabilities were disclosed in late May. The vast majority of its systems were not compromised, however it is still looking into the extent of the attack.
“We are manually and thoroughly investigating systems where data may have been accessed,” spokesperson Lauren Hare said in an emailed statement.
EY's priority is to communicate with those impacted as well as the relevant authorities, according to the spokesperson.
Meanwhile CalPERS confirmed that personal data of its members was downloaded in connection to the PBI breach. PBI provides information to CalPERS to confirm member deaths.
The impacted information includes names, social security numbers, dates of birth, employer names and family names.