Ernst & Young was added to the group's winning score.
Ernst & Young (EY), one of the world's largest accounting and consulting firms, has reported data breaches of more than 30,000 Bank of America customers. The reason was another cyber attack through the MOVEit Transfer system, which was used to transfer sensitive files.
The attack became known on May 31. According to a letter sent by the victims on August 9, the organization immediately launched an investigation to determine the extent of the problem. The internal systems were not affected, but the data was still stolen.
The Clop hacker group, which has been spreading ransomware through the MOVEit vulnerability, has claimed responsibility. Thousands of structures around the world have already suffered from this defect.
Among the leaked information are names, addresses, financial account information, debit and credit card numbers, social security numbers, passport scans and government identification numbers. Clop claims they have access to three terabytes of information.
Cybercriminals can use the information for fraud, ranging from phishing attacks to opening new credit accounts, making unauthorized purchases or obtaining loans under false pretenses.
EY said Bank of America will provide affected customers with a "free two-year membership to the Identity Theft Protection Service." The letter asks potential victims to be on the lookout and carefully check account statements and credit reports for suspicious activity.
The vulnerability exploited by the attackers was related to SQL injection. This type of attack allows you to insert malicious code by changing the behavior of the database. The defect is especially dangerous because it can be used for subsequent hacks.
Many experts expressed concern that Clop's success could serve as an example for other hacker groups.
Other well-known organizations were also targeted by hackers. Recently, the American broker TD Ameritrade announced the compromise of the data of over 60,000 of its clients. Victims also include American Airlines, TJX, TomTom, Pioneer Electronics, Autozone, Johns Hopkins University, Warner Bros Discovery, AMC Theatres, Honeywell, Choice Hotels' Radisson Americas hotel chain, and consulting firm Crowe.
Given that the average ransom is over $250,000 and only 10% of those affected have paid it, the group may have already made several million dollars.
Ernst & Young (EY), one of the world's largest accounting and consulting firms, has reported data breaches of more than 30,000 Bank of America customers. The reason was another cyber attack through the MOVEit Transfer system, which was used to transfer sensitive files.
The attack became known on May 31. According to a letter sent by the victims on August 9, the organization immediately launched an investigation to determine the extent of the problem. The internal systems were not affected, but the data was still stolen.
The Clop hacker group, which has been spreading ransomware through the MOVEit vulnerability, has claimed responsibility. Thousands of structures around the world have already suffered from this defect.
Among the leaked information are names, addresses, financial account information, debit and credit card numbers, social security numbers, passport scans and government identification numbers. Clop claims they have access to three terabytes of information.
Cybercriminals can use the information for fraud, ranging from phishing attacks to opening new credit accounts, making unauthorized purchases or obtaining loans under false pretenses.
EY said Bank of America will provide affected customers with a "free two-year membership to the Identity Theft Protection Service." The letter asks potential victims to be on the lookout and carefully check account statements and credit reports for suspicious activity.
The vulnerability exploited by the attackers was related to SQL injection. This type of attack allows you to insert malicious code by changing the behavior of the database. The defect is especially dangerous because it can be used for subsequent hacks.
Many experts expressed concern that Clop's success could serve as an example for other hacker groups.
Other well-known organizations were also targeted by hackers. Recently, the American broker TD Ameritrade announced the compromise of the data of over 60,000 of its clients. Victims also include American Airlines, TJX, TomTom, Pioneer Electronics, Autozone, Johns Hopkins University, Warner Bros Discovery, AMC Theatres, Honeywell, Choice Hotels' Radisson Americas hotel chain, and consulting firm Crowe.
Given that the average ransom is over $250,000 and only 10% of those affected have paid it, the group may have already made several million dollars.
