Gen Digital Employee Info Stolen in MOVEit Transfer Cyberattack

File-transfer platforms are prime targets for attackers since they often contain sensitive data.

Edward Gately, Senior News Editor

June 21, 2023

3 Min Read
Hacker stealing info
Brian A Jackson/Shutterstock

Gen Digital, the parent company of top cybersecurity brands Norton, Avast, LifeLock, Avira and AVG, was among victims of the recent MOVEit Transfer ransomware attack.

Last week, several U.S. government agencies including the U.S. Department of Energy were hacked via a MOVEit Transfer software vulnerability. The hacks are part of a larger cyberattack believed to be carried out by the Russia-based Clop ransomware gang.

Gen Digital sent us the following statement:

“We use MOVEit for file transfers and have remediated all of the known vulnerabilities in the system. When we learned of this matter, we acted immediately to protect our environment and investigate the potential impact. We have confirmed that there was no impact to our core IT systems and our services, and that no customer or partner data has been exposed. Unfortunately, some personal information of Gen employees and contingent workers was impacted, which included information like name, company email address, employee ID number, and in some limited cases home address and date of birth. We immediately investigated the scope of the issue and have notified the relevant data protection regulators and our employees whose data may have been impacted.”

Gen Digital Among Many Victims Globally

Valenzuela-Ismael_BlackBerry.jpg

BlackBerry’s Ismael Valenzuela

According to a BlackBerry blog, last week’s Clop ransomware attack against the MOVEit Transfer file-transfer platform led to compromised networks around the globe. Ismael Valenzuela, BlackBerry’s vice president of threat intelligence, said there’s a lot of information threat actors can uncover by compromising this and similar tools.

“While it’s bad, it’s also important to notice that this is not like the supply chain attack against SolarWinds or similar,” he said. “This is rather a remote-code execution attack, where attackers were able to probe, exploit and upload a webshell to exfiltrate data from vulnerable internet-facing servers.”

File-transfer platforms are prime targets for attackers since they often contain sensitive data, Valenzuela said. And if the victim is a payroll company or a legal organization, the threat actor may end up having access to a wide range of sensitive customer information from various industries and geographies.

“In this case, that includes U.S. government agencies, airlines and media companies, an oil giant, health services, international consulting firms, and many more,” he said.

Shiner-Jeff_1Password.jpg

1Password’s Jeff Shiner

Jeff Shiner, CEO of 1Password, said while the MOVEit breach was unique to its file-sharing software, it shows “just how vulnerable our online information truly is.”

“Cybersecurity attacks continue to rise, and will become increasingly sophisticated and complex as generative artificial intelligence (AI) continues to evolve,” he said. “But there are some simple things that individuals can do to help reduce their risk if caught in a breach. These include keeping your devices and software up to date, utilizing strong, unique passwords for all your accounts, and keeping a close eye on your credit and personal identification information, so you can take timely action if needed to protect your important information.”

Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.

Read more about:

MSPsVARs/SIs

About the Author

Edward Gately

Senior News Editor, Channel Futures

As senior news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like