DHL, the UK arm of the shipping giant, is currently investigating a data breach linked to its use of the MOVEit software, which has been exploited by a Russia-based ransomware group for nearly two months. Progress Software has patched the software, but the cybercriminals have still found unpatched targets, affecting at least 383 organizations and leaking the information of over 20 million individuals.
The Cl0p ransomware gang is responsible for this breach, targeting companies worldwide, including major organizations such as PokerStars, Franklin Mint Federal Credit Union, and 1st Source Bank. The leaked data includes sensitive information such as Social Security numbers, impacting hundreds of thousands of customers and clients.
Despite Progress Software’s efforts to patch the vulnerability, the attackers continue to exploit unsecured targets, leading to widespread breaches in both private and public sectors. Emsisoft researchers have been monitoring the situation and have identified at least 383 affected organizations, with the leaked data totaling over 20 million individuals.
As the investigation progresses, DHL is working with cybersecurity experts to understand the full scope of the breach and provide necessary communication to affected parties. This incident highlights the growing threat of ransomware attacks on software providers, potentially leaving millions of individuals and organizations at risk of data exposure and financial harm.