
Largest Cyberattack of 2023: MOVEit Transfer Software Breach Affects Over 1,000 Organizations

In a year marked by escalating cyber threats, the recent mass-exploitation of MOVEit Transfer software has emerged as a significant cybersecurity incident, cementing its position as the largest hack of 2023. The breach has affected more than 1,000 known victims, underscoring the scale of the attack, according to cybersecurity firm Emsisoft.

While the complete fallout of the breach is expected to unfold over the coming months, this milestone not only positions it as the biggest hack of the year but also as one of the most substantial in recent history.

The breach saga began in May when Progress, the company behind MOVEit Transfer, revealed a zero-day vulnerability in its managed file transfer service. This service, widely used by organizations to transfer sensitive data online, was exploited by attackers, including the infamous Clop ransomware gang. This exploit allowed them to breach MOVEit Transfer servers and pilfer customers' sensitive data.

In the aftermath of the attack, Clop continued to launch attacks and issued threats of releasing stolen data unless ransom payments were made. The number of known victim organizations, affected individuals, and costs associated with the incident have all risen since then.

Key figures shed light on the impact of this attack:

  • 60,144,069: The number of impacted individuals crossed 60 million as the count of known victim organizations surpassed 1,000, indicating the far-reaching consequences of the breach.

  • 83.9%: U.S.-based organizations constitute the majority of known MOVEit corporate victims, followed by German, Canadian, and UK entities.

  • 11 million: Government services giant Maximus, which fell prey to the breach, reported that hackers accessed sensitive health information and Social Security numbers of up to 11 million individuals.

  • $9,923,771,385: The estimated cost of the attack so far, based on IBM data and the number of confirmed impacted individuals.

  • 2021: Researchers believe the Clop group may have been testing the MOVEit exploit since 2021.

  • $10,000,000: The U.S. State Department has offered a $10 million reward for information on the Clop ransomware group, which compromised several of its entities.

  • $100,000,000: The potential earnings for Clop from the mass-hacking campaign, as estimated by ransomware recovery firm Coveware.

Despite the attackers' claims, it remains uncertain whether they possess no government-related data. The situation underscores the alarming power and financial motivation driving modern cybercriminals. As organizations scramble to bolster their defenses, the MOVEit breach serves as a stark reminder of the evolving threat landscape and the critical importance of cybersecurity preparedness.

BigID’s CISO, Tyler Young, weighed in on how organizations need to prioritize security and take mitigation steps before a breach occurs:

"Organizations can no longer neglect cybersecurity due to resource limitations or ignorance. It is crucial to prioritize data protection, understand your assets and attack surface, invest in preventative security measures, and take proactive steps to mitigate vulnerabilities. The days of not investing in security and not having a Chief Security Officer reporting into an organization's executive team are not acceptable.

Organizations can no longer assume “the breach will not happen to us”, and need to take cybersecurity seriously. While it may not be possible for organizations to immediately remediate every vulnerability, it's extremely important that all organizations take mitigation steps to reduce the impact of a vulnerability like the one(s) impacting the MOVEit software."

