US utility giant says MOVEit hack exposed stolen data

News
By
published

Data stolen in May 2023 have now been released online

Data leak
(Image credit: Shutterstock)
  • PLL Electric Utilities confirms data leaked online
  • It was stolen from a third-party vendor during MOVEit hack
  • No banking or payment information was leaked

It has been almost two years since the MOVEit MFT data breach fiasco, but businesses and their customers are still feeling the consequences.

PLL Electric Utilities is the latest to confirm information stolen back in 2023 has now been leaked online, as one of its vendors was exposed through MOVEit.

“The information did not extend beyond basic information such as name, address, phone number, email address and account number,” a company spokesperson said. Banking or credit card information, social security numbers or account passwords were not disclosed, since PPL did not share this data with the compromised vendor in the first place - but the information can still be used in phishing attack, identity theft, social engineering, and more.

Millions of victims

“This issue is completely unrelated to PPL’s systems and critical infrastructure across all our service areas,” the company said.

The 2023 MOVEit data breach was a large-scale cyberattack exploiting a zero-day vulnerability in MOVEit Managed File Transfer, a file transfer software built by Progress Software. It was discovered in late May 2023, when the flaw allowed attackers to execute SQL injection attacks and gain unauthorized access to sensitive data.

Ransomware actors known as Cl0p were the ones exploiting the bug to steal data from organizations worldwide. The attack impacted more than 600 organizations and roughly 40 million individuals, including governments, financial institutions, healthcare providers, and major corporations. Among more notable victims are U.S. federal agencies, British Airways, Shell, and BBC.

The Cl0p ransomware gang is estimated to have extorted between $75 million and $100 million. Despite a low percentage of victims opting to pay, the group secured substantial sums from a select few who met their high ransom demands.

Via The Record

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

More about security
Telegram

New Golang malware is hijacking Telegram to help itself spread
Microsoft

Microsoft is spending $700 million to ramp up security and computing power in Poland
The Macrodata Refinement team looking at Ms Huang in Severance season 2 episode 1

Severance season 2 is a big Apple TV+ hit – here are 5 reasons why I’m obsessed with it
See more latest