The UK communications regulator Ofcom revealed that hackers had exploited a vulnerability in the MOVEit file transfer tool, resulting in the download of confidential information related to regulated companies and personal data of 412 Ofcom employees.
Ofcom stated that it was one of many organizations affected by the MOVEit cyberattack, which potentially impacted hundreds of organizations globally. The ransomware group Clop claimed responsibility for the attack and issued an extortion note, threatening to disclose more victims if a ransom was not paid.
The exact number of companies affected by the hacking campaign remains unknown, but security researchers identified over 2,000 instances of the exposed MOVEit tool, with a majority located in the United States.
While 128 instances were found in the UK, the actual number of impacted companies could be much higher. The compromise of a single company, Zellis, a payroll services provider, has already been linked to hackers compromising several businesses in Britain and Ireland, including the BBC, British Airways, Boots, and Aer Lingus.
Ofcom emphasized its commitment to the security of confidential information and personal data, stating that it took immediate action to prevent further use of the compromised MOVEit service and implemented recommended security measures.
They promptly notified all affected Ofcom-regulated companies and continue to provide support and assistance to their colleagues. Progress, the software company behind MOVEit, recently announced a second vulnerability in the software, contributing to a series of breaches associated with the program’s issues.
