Earlier this week,
ransomware operator Clop started listing the victims, compromised in the MOVEit data breach, on its data leak website, among the first victims to be listed on the site include 1st Source and First National Bankers Bank, Putnam Investments, Landal Greenparks, Shell, Datasite, National Student Clearinghouse, United Healthcare Student Resources, Leggett & Platt, ÖKK, University System of Georgia.
It was also reported that GreenShield Canada, a non-profit provider of healthcare and dental benefits, was listed and subsequently deleted from the data leak site. While it’s impossible to determine at this point, it could be that the non-profit agreed on a ransom demand and paid it in order to have its data removed from the site.
While these are the first companies the Clop ransomware gang itself posted on the leak site, these are not the first companies in general, that are confirmed to have been hit by the incident. HR and payroll software supplier Zellis confirmed its systems were compromised early last week, and given that it provides its services to some of the biggest companies in the UK, the data breach tricked down. Hence, the BBC, British Airways, and Aer Lingus, all confirmed having sensitive data stolen from their premises.
Furthermore, the Johns Hopkins University, as well as Ofcom, also confirmed being hit. The Government of Nova Scotia, and the Transport for London (TfL) were also affected, but it’s too early to tell if Clop will release their files or not. In its initial announcement, the threat actor said “If you are a government, city or police service… we erased all your data.”
The BBC also claims Ernst and Young were affected, too.