December 2, 2024 at 10:04PM
A massive data breach linked to the MOVEit file transfer tool has exposed personal data of hundreds of thousands of employees from major corporations, including Xerox and Bank of America. The hacker “Nam3L3ss” leaked employee details such as names, contact information, and job titles, raising concerns over potential social engineering attacks.
**Meeting Notes Takeaways:**
1. **Massive Data Breach Identified**: A significant data breach has impacted employees from major corporations, including Xerox, Nokia, Koch, Bank of America, and Morgan Stanley, linked to the MOVEit file transfer tool.
2. **Leak by Entity “Nam3L3ss”**: On Monday, a group using the alias “Nam3L3ss” began leaking personal data of employees from various affected organizations, claiming authenticity of the information.
3. **Origin of Breach**: The breach is attributed to the Russia-linked Cl0p ransomware group, which exploited vulnerabilities in Progress Software’s MOVEit product starting in May 2023.
4. **Extent of Data Compromised**: The leaked data includes sensitive information such as names, phone numbers, email addresses, job titles, employee badges, and usernames, affecting hundreds of thousands of employees.
5. **Specific Data Figures**:
– Xerox: 42,735 employees
– Koch: 237,487 employees
– Nokia: 94,253 employees
– Bank of America: 288,297 employees
– Bridgewater: 2,141 employees
– Morgan Stanley: 32,861 employees
– JLL: 62,349 employees
6. **Concerns About Security**: Zack Ganot from Atlas Privacy emphasized that the detailed information poses risks for social engineering attacks, making it easier for attackers to exploit organizations.
7. **Response from Affected Companies**: As of the meeting, none of the listed companies have responded to inquiries regarding the breach.
8. **Reference Service**: Atlas Privacy operates databreach.com, a resource for individuals to check if their personal information has been compromised and offers data removal services.
These takeaways summarize the critical developments and implications surrounding the MOVEit data breach incident.