{"id":92750,"date":"2023-06-12T11:06:00","date_gmt":"2023-06-12T11:06:00","guid":{"rendered":"https:\/\/cloudnewshub.com\/?p=92750"},"modified":"2023-06-12T11:06:00","modified_gmt":"2023-06-12T11:06:00","slug":"ofcom-data-stolen-in-moveit-cyber-attack","status":"publish","type":"post","link":"https:\/\/cloudnewshub.com\/?p=92750","title":{"rendered":"Ofcom data stolen in MOVEit cyber attack"},"content":{"rendered":"
<\/div>\n

UK communications regulator Ofcom has revealed it is among the organisations to have been compromised by the Russian-speaking Clop cyber crime gang<\/a> following its exploit of a SQL injection vulnerability in Progress Software\u2019s MOVEit Transfer managed file transfer service.<\/p>\n

Ofcom confirmed earlier today that a \u201climited amount\u201d of information about companies it regulates \u2013 some of it confidential \u2013 alongside the personal data of 412 of its own employees, was downloaded in the attack.<\/p>\n

\u201cThe security of commercially confidential and sensitive personal information provided to Ofcom is taken extremely seriously,\u201d an Ofcom spokesperson said<\/a>.<\/p>\n

\u201cWe took immediate action to prevent further use of the MOVEit service and to implement the recommended security measures. We also swiftly alerted all affected Ofcom-regulated companies, and we continue to offer support and assistance to our colleagues.<\/p>\n

\u201cNo Ofcom systems were compromised during the attack,\u201d they added.<\/p>\n

NordVPN\u2019s<\/a> Marijus Briedis commented: \u201cStealing personal and company data from under the nose of the UK\u2019s media regulator will be another feather in the cap of the cyber criminals behind the MOVEit hack.<\/p>\n

\u201cThe large scale of the attack and high-profile victims like the BBC, British Airways and now Ofcom suggests this was meticulously planned\u2026.<\/p>\n

Briedis added: \u201cThis significant data heist will raise the attackers\u2019 profile within the competitive ransomware-for-hire market that exists on the dark web. It also shows the ongoing risk of supply chain attacks on the UK, with opportunistic hackers looking to prey upon third-party services as a path to landing a big fish further down the line.\u201d<\/p>\n

As the clock ticks down on Clop\u2019s deadline for victims to contact it \u2013 lest they find their data leaked online \u2013 details of more victims continue to emerge.<\/p>\n

Ireland\u2019s Health Service Executive (HSE) \u2013 previously the victim of a major ransomware attack by the Conti cyber crime syndicate<\/a> \u2013 is among those to have disclosed a breach following the attack<\/a>.<\/p>\n

Like a number of other victims, the HSE was compromised in a so-called supply chain attack via the systems of an external service provider that used MOVEit Transfer, in this case professional services firm EY.<\/p>\n

\n

<\/i>Progress Software\u2019s woes continue<\/h3>\n

Prior to the weekend, Progress Software, the company behind MOVEit, disclosed another vulnerability in the product, uncovered with the help of third-party researchers, which may have a similar impact<\/a>.<\/p>\n

A patch for this vulnerability was released on 9 June. MOVEit Transfer users can find more details about the vulnerability here<\/a>.<\/p>\n<\/section>\n","protected":false},"excerpt":{"rendered":"

UK communications regulator Ofcom has revealed it is among the organisations to have been compromised by the Russian-speaking Clop cyber crime gang following its exploit of a SQL injection vulnerability in Progress Software\u2019s MOVEit Transfer managed file transfer service. Ofcom confirmed earlier today that a \u201climited amount\u201d of information about companies it regulates \u2013 some […]<\/p>\n","protected":false},"author":1,"featured_media":92751,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[533],"tags":[],"class_list":["post-92750","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-it"],"_links":{"self":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/92750","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=92750"}],"version-history":[{"count":0,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/92750\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/media\/92751"}],"wp:attachment":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=92750"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=92750"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=92750"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}