A significant data breach has exposed the personal information of over 760,000 employees from major corporations such as Xerox, Nokia, Koch, Bank of America, and Morgan Stanley. This breach is linked to vulnerabilities in the MOVEit file transfer tool, which was exploited by the cybercriminal group operating under the alias 'Nam3L3ss'.
The leaked database, published on a prominent cybercrime forum, includes sensitive details like names, phone numbers, email addresses, job titles, and employee badge numbers. Atlas Privacy, a data removal firm, confirmed the authenticity of the leaked records, indicating the potential for targeted phishing attacks and identity theft.
Zack Ganot, Chief Strategy Officer at Atlas Privacy, remarked, 'This data is a goldmine for social engineering.' The fallout from this breach traces back to a security incident initiated by the Russian-affiliated Cl0p ransomware group, which exploited the MOVEit tool in May 2023, leading to unauthorized access to sensitive data from numerous organizations.
As fresh datasets continue to emerge, the situation raises concerns about the ongoing risks associated with the MOVEit vulnerability and the potential for further exploitation of the exposed information.