Seven more major organizations had records from over 760,000 employees stolen from last year's MOVEit hack, which affected nearly 2,800 entities and almost 100 million individuals, exposed by the threat actor Nam3l3ss on BreachForums just weeks after he leaked millions of data from Amazon and two dozen other leading organizations that had also been exfiltrated through the widespread exploitation of the MOVEit Transfer bug, according to SecurityWeek.
Most of the exposed employee records — which includes names, phone numbers, email addresses, job titles, work ID numbers, and manager names — belonged to Bank of America, followed by U.S. multinational conglomerate Koch, Finnish multinational telecommunications firm Nokia, and global real estate and investment management services provider JLL, a report from Atlas Privacy showed. Also affected by the data leak were Xerox, Morgan Stanley, and Bridgewater. "We believe the data originates from the Cl0p ransomware group, who frequently exploit vulnerabilities like MOVEit to exfiltrate and publish sensitive data as part of their extortion campaigns. It's likely Name3l3ss dug through terabytes of darkweb data and repackaged it for wider consumption," said Atlas Privacy co-founder and Chief Security Officer Tsachi Ganot.
