MOVEit breach chaos continues, data on hundreds of thousands leaked from Nokia, Morgan Stanley

News
By
published

Six large companies have had their data leaked

A person's fingers type at a keyboard, with a digital security screen with a lock on it overlaid.
(Image credit: Shutterstock / Thapana_Studio)
  • A hacker with the alias "Nam3L3ss" started leaking data from six companies
  • The companies include Nokia, Bank of America, and others
  • The data came from the MOVEit breach that happened more than a year ago

Hackers are still leaking sensitive information stolen via the MOVEit flaw, more than a year after it was first disclosed, experts have warned.

A threat actor with the alias “Nam3L3ss” recently started leaking sensitive data from six major companies to BreachForums: Xerox (42,735), Koch (237,487), Nokia (94,253), Bank of America (288,297), Bridgewater (2,141), Morgan Stanley (32,861), and JLL (62,349), The Register reports.

The publication further added that security researchers analyzed the data dump and confirmed its authenticity, adding that among the leaked information are people’s full names, phone numbers, email addresses, job addresses, employee badges, job titles, and usernames.

Reader Offer: Save up to 70% on Aura identity theft protection

Reader Offer: Save up to 70% on Aura identity theft protectionTechRadar editors praise Aura's upfront pricing and simplicity. Aura also includes a password manager, VPN, and antivirus to make its security solution an even more compelling deal.

Preferred partner (What does this mean?)

View Deal

MOVEit files keep leaking

This is the type of information cybercriminals like most (apart from passwords and banking data, obviously), since it allows them to run phishing, identity theft, and similar attacks that can lead to ransomware, wire fraud, and more.

"This data is a goldmine for social engineering," Zack Ganot, chief strategy officer for Atlas Privacy said. "Knowing exactly what employee sits on which team, who they report to, what their badge number is, what building they work in, their organizational email and phone number – this is some wild stuff for an attacker looking to exploit an org."

MOVEit is a managed file transfer (MFT) tool, used by large companies to securely share sensitive files. In late May 2023, it was discovered that it had a flaw, which was successfully exploited by a Russian ransomware actor called Cl0p. This group used the flaw to exfiltrate sensitive data from hundreds of companies using MOVEit.

Among the victims were numerous high-profile organizations across various sectors, including US government entities (Department of Energy, Office of Personnel Management), educational institutions (Johns Hopkins University), private enterprises (Shell, British Airways, Ernst & Young), and many others. In total over 62 million individuals were directly affected, with the true number likely higher.

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Data leak
US utility giant says MOVEit hack exposed stolen data
Data leak
Details of over 15,000 FortiGate devices leaked online, so be on your guard
Someone holding a passport with two boarding passes inside it
Top digital loan firm security slip-up puts data of 36 million users at risk
Security
American National Insurance Company breach data found online
Lock on Laptop Screen
Clop ransomware lists Cleo cyberattack victims
How to prevent cyberattacks
NTT admits hackers accessed details of almost 18,000 corporate customers in cyberattack
Latest in Security
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
Nation-state threats are targeting UK AI research
Application Security Testing Concept with Digital Magnifying Glass Scanning Applications to Detect Vulnerabilities - AST - Process of Making Apps Resistant to Security Threats - 3D Illustration
Google bug bounty payments hit nearly $12 million in 2024
Scam alert
A new SMS energy scam is using Elon Musk’s face to steal your money
Representational image of a cybercriminal
Allstate sued for exposing personal customer information in plaintext
Representational image of a cybercriminal
Criminals are spreading malware disguised as DeepSeek AI
AMD logo
Security flaw means AMD Zen CPUs can be "jailbroken"
Latest in News
A close up of Captain America with Thor and Hulk in the background during the Assemble scene in Avengers: Endgame
'We will draw inspiration': Joe and Anthony Russo reveal which of Marvel's Secret Wars comic book series have influenced Avengers 5 and 6's plot
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
Nation-state threats are targeting UK AI research
An AMD Radeon RX 9070 XT made by Sapphire on a table with its retail packaging
Want to buy an RX 9070 or 9070 XT but fed up of the GPUs being out of stock? AMD promises that “more supply is coming ASAP”
Cece Carroway (Sara Silva), Caroline Merteuil (Sarah Catherine Hook), and Lucien Belmont (Zac Burgess) in Cruel Intentions.
Cruel Intentions has been canceled after one season on Prime Video, but I'm not surprised by its cruel fate
iOS 18 Control Center
iOS 19: the 3 biggest rumors so far, and what I want to see
Doom: The Dark Ages
Doom: The Dark Ages' director confirms DLC is in the works and says the game won't end the way 2016's Doom begins: 'If we took it all the way to that point, then that would mean that we couldn't tell any more medieval stories'
More about security
Representational image of a cybercriminal

Allstate sued for exposing personal customer information in plaintext
Scam alert

A new SMS energy scam is using Elon Musk’s face to steal your money
Cece Carroway (Sara Silva), Caroline Merteuil (Sarah Catherine Hook), and Lucien Belmont (Zac Burgess) in Cruel Intentions.

Cruel Intentions has been canceled after one season on Prime Video, but I'm not surprised by its cruel fate
See more latest
Most Popular
Cece Carroway (Sara Silva), Caroline Merteuil (Sarah Catherine Hook), and Lucien Belmont (Zac Burgess) in Cruel Intentions.
Cruel Intentions has been canceled after one season on Prime Video, but I'm not surprised by its cruel fate
A close up of Captain America with Thor and Hulk in the background during the Assemble scene in Avengers: Endgame
'We will draw inspiration': Joe and Anthony Russo reveal which of Marvel's Secret Wars comic book series have influenced Avengers 5 and 6's plot
Representational image of a cybercriminal
Allstate sued for exposing personal customer information in plaintext
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Wednesday, March 12 (game #374)
Quordle on a smartphone held in a hand
Quordle hints and answers for Wednesday, March 12 (game #1143)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Wednesday, March 12 (game #640)
An AMD Radeon RX 9070 XT made by Sapphire on a table with its retail packaging
Want to buy an RX 9070 or 9070 XT but fed up of the GPUs being out of stock? AMD promises that “more supply is coming ASAP”
Cowabunga, dude!
Teenage Mutant Ninja Turtles: Shredder’s Revenge, a nostalgic beat-em-up with beautiful pixel graphics, is finally coming to mobile next month
Empirical Health biomarkers
This new health protocol combines 40 smartwatch biomarkers and blood tests to give you a health score
LG C5 OLED T V with forest road and car on screen
LG reveals US pricing for the LG G5 and LG C5 OLED TVs, and it's great news for OLED fans