Link: https://www.theregister.com/2023/06/13/ofcom_minnesota_moveit/
Ofcom disclosed this week it is among the businesses and public bodies that have had their internal data stolen by crooks exploiting a MOVEit flaw. Russia's Clop ransomware crew has since claimed it has been going around abusing the vulnerability in MOVEit deployments to steal documents and demanding payment not to leak the info.
"A limited amount of information about certain companies we regulate – some of it confidential – along with personal data of 412 Ofcom employees, was downloaded during the attack," Ofcom revealed in a statement yesterday.
The watchdog said it took "immediate action" to remediate the issue and beef up its security.
"We also swiftly alerted all affected Ofcom-regulated companies, and we continue to offer support and assistance to our colleagues," the regulator added. "No Ofcom systems were compromised during the attack."
An Ofcom spokesperson declined to answer any additional questions about the attack – including what specific data was stolen, who is responsible for the attack, and whether the intrusion occurred in an Ofcom-run MOVEit instance, or at a third party (such as payroll and human resources services provider Zellis).
Steve
http://www.mar.me.uk
Message Thread
« Back to index