The breach has impacted over 40 million individuals so far, as confirmed by cyber analysts and Reuters.
Do you know what data is being used to ‘train’ the AI in your organisation?
Do you have a process for managing ‘risk’ in the use of AI?
Are employees being trained in the use of AI?
Attend #RISK to learn & knowledge share:
Learn more about #RISK Amsterdam – 27th & 28th September 2023
LEARN MORE ABOUT #RISK LONDON – 18th & 19th October 2023
A significant cybersecurity breach originating from a single American software maker has left a trail of exposure across more than 600 organisations worldwide, raising concerns about data security and digital privacy. The breach has impacted over 40 million individuals so far, as confirmed by cyber analysts and Reuters.
The breach revolves around the exploitation of Progress Software’s MOVEit Transfer file management program, which is widely used by organisations for transferring sensitive data, including personal information, medical records, and billing data. The breach was first disclosed by Progress Software, based in Massachusetts, but the breach’s effects continue to spread and evolve, with the tally of victims growing daily.
The group responsible for the breach, known as “cl0p”, has become increasingly aggressive by publicly releasing compromised data. Marc Bleicher, the Chief Technology Officer of Surefire Cyber, an incident response firm, commented on the evolving situation, stating that the true impact of the breach is likely to become more apparent over time.
The interconnected nature of organisations handling data on behalf of others has contributed to the broad scope of this breach. For example, when cl0p infiltrated the MOVEit software used by a company called Pension Benefit Information, it led to the exposure of data from the New York-based Teachers Insurance and Annuity Association of America, affecting thousands of institutional clients.
Experts emphasise the far-reaching consequences of this breach, highlighting the interconnectedness of digital defences among organisations. Christopher Budd from Sophos, a cybersecurity firm, underscored the lesson this breach offers in terms of reliance on each other’s digital security measures.
The hacking campaign by cl0p began on May 27 and was detected by Progress shortly afterward. The company issued a warning and patch to mitigate the situation, but not all organisations were able to deploy the fix in time. As a result, thousands of companies are believed to have been affected.
The victims span a wide range of sectors, including educational institutions, motor vehicle authorities, pension management organisations, and government contractors. It is estimated that millions of records have been compromised across different industries.
While the breach has already had substantial consequences, analysts suggest that the worst might be yet to come. cl0p has been adopting increasingly sophisticated tactics to spread the stolen data, and cybersecurity experts fear that this breach’s impact could further escalate.
As investigations continue, affected organisations are working to enhance their security measures and assess the extent of the damage. The breach serves as a stark reminder of the vulnerabilities inherent in the digital landscape and highlights the need for robust cybersecurity practices across industries.
Know the risks
As the world becomes increasingly interconnected and complex, so too does the risk landscape. That’s why it’s more important than ever for business leaders and department heads to stay up-to-date on the latest trends and best practices.
On September 27 and 28, 2023, #RISK Amsterdam is the premier event for risk professionals in Europe.
With over 50 exhibitors, keynote presentations from over 100 experts and thought leaders, panel discussions, and breakout sessions, #Risk Amsterdam 2023 is the perfect place to learn about the present and future risk landscape.
Not to be missed…
Session: Head in the Cloud: Strategies for Protecting Data and Infrastructure
Date: Thursday 28 September 2023
Time: 14:00-15:00 (CET)
Panellists will discuss the unique challenges of securing data and infrastructure in the cloud, and provide insights into the strategies and tools you can use to protect against cyber threats.
You’ll gain a comprehensive understanding of the challenges and opportunities of cybersecurity in the cloud, and learn about the strategies and tools available for protecting your organisation’s data and infrastructure.
Session: Shaping Europe’s digital future: Cybersecurity Law and Regulation
Date: Thursday 28 September 2023
Time: 15:00-1600 (CET)
The legal and regulatory landscape of cybersecurity is constantly evolving, with new laws and regulations being introduced regularly, such as the EU Cybersecurity Act, the NIS2 directive, and more.
In this session, panellists explore the emerging trends and challenges in cybersecurity law and regulation and discuss the ways in which organisations can navigate this complex landscape.
Click here for the full #RISK Amsterdam agenda
Click here to register for #RISK Amsterdam – 27th & 28th September 2023
Related Events:
Do you know what data is being used to ‘train’ the AI in your organisation?
Do you have a process for managing ‘risk’ in the use of AI?
Are employees being trained in the use of AI?
Attend #RISK to learn & knowledge share:
No comments yet