MOVEit Transfer data breach at Zellis affect
UK payroll and HR solutions provider Zellis suffered a data breach due to MOVEit attacks. "A large number of companies around the world have been affected by a zero-day vulnerability in Progress Software's MOVEit Transfer product," Zellis told BleepingComputer in a statement on June 7. "We confirm that a small number of our customers have been impacted and we are actively working to support them. Zellis-owned software is unaffected and there are no associated incidents or compromises to any other part of our IT estate. We have also notified the ICO, DPC, and the NCSC in both the UK and Ireland."
Additional information, 23AUG23:
On June 6th, 2023, the notorious Russian-affiliated ransomware group, Clop, claimed responsibility for an attack that targeted Progress Software’s MOVEit transfer tool. This corporate file-sharing solution has an extensive customer base in the United States. Organizations use MOVEit for secure file transfers; it’s essentially a more jazzed-up, professional version of popular file-sharing tools like Dropbox. In May 2023, cybercriminals at Clop uncovered a previously unknown vulnerability in MOVEit, which they began exploiting. Up to 130 organizations suffered from downstream impacts when the vulnerability in MOVEit enabled Clop hackers to gain access to their IT environment and steal sensitive data.