2023’s Largest Data Breach
Protecting Your Info in the Aftermath


In the biggest hack of the year, the file transfer platform MOVEit, developed by Progress Software, fell victim to a Russian ransomware operation called Cl0p back in May. This breach exploited a previously unknown vulnerability in the MOVEit software. Although a patch was quickly issued, some users failed to install it, leaving them vulnerable to attacks.

MOVEit is widely used by thousands of governments, financial institutions, and numerous public and private companies worldwide. Shockingly, it is estimated that this breach has impacted at least 455 organizations and over 23 million individuals who were customers of MOVEit. Among the compromised entities are well-known names such as the US Department of Energy, New York City Department of Education, Shell, Ernst & Young, and more. Most of the affected organizations (73%) are based in the US, with finance, professional services, and educational institutions being the hardest-hit sectors.

Cl0p ransomware, used in cyberattacks since 2019, operates by publishing stolen data on the dark web. This ransomware and its associated website have been linked to FIN11, a financially motivated cybercrime group with ties to Russia and Ukraine, believed to be part of the larger umbrella operation known as TA505.

What makes this breach particularly alarming is that many of the affected organizations provide services to a wide range of companies and government entities. This implies that their customers, patients, taxpayers, and students may have been compromised indirectly, potentially including you!

The crucial question is whether YOU were notified of this breach. While it didn’t make mainstream headlines, breached companies are obliged to inform affected individuals. Notifications may be sent via email or physical letters, but email reliability can be hindered by spam filters, and issuing letters to over 36 million people takes time.

If you are a user of the compromised software, it’s imperative to take immediate action to protect yourself:

  • Change All Passwords and PINs: Update your passwords and PINs without delay. Ensure they are at least 12 characters long, comprising a mix of uppercase and lowercase letters, numbers, and special characters. Avoid reusing passwords.
  • Enable Multifactor Authentication (MFA): Activate MFA for all critical software applications and websites you use, including Microsoft Office, QuickBooks, banking and payroll software, and credit card processors. MFA adds an extra layer of security to your accounts.
  • Monitor Accounts: Regularly review your financial and online accounts for suspicious activities. If you find any, report them immediately to the service provider or financial institution.
  • Dark Web Scan: Organizations can consider conducting a Dark Web Vulnerability Scan to assess whether their information is on the dark web. This can help identify potential risks and the appropriate actions to mitigate them.
  • Stay Informed: Keep an eye on the news and updates related to the breach. You should be notified by the breached companies, but staying informed about developments can be useful.
  • Contact Customer Support: If you suspect your information may have been compromised, contact the customer support of the service provider to ask how to secure your data.
  • Educate and Train Employees: Organizations should invest in cybersecurity training and awareness to educate their employees about best practices and potential threats.

To assess whether your company’s information is on the dark web, you can request a free Dark Web Vulnerability Scan for your organization (unfortunately, not available for individuals). Provide your domain name, and we will conduct a confidential review, ensuring your security is not compromised. If you have any questions about the Dark Web Scan, please contact us directly at 505-792-2375.

Stay vigilant and proactive in safeguarding your data in the wake of this significant data breach.