In a series of massive cyberattacks, hackers have compromised the personal data of over 15.5 million individuals. The Clop ransomware group is responsible for these attacks, targeting more than 140 organisations, and the number of victims is continuously increasing.
The Extent of the Breach
The impact of the Clop ransomware attacks is substantial, affecting diverse organisations and millions of individuals. Although only ten victims have confirmed the number of affected people, the count already exceeds 15.5 million. Some notable victims include:
- Oregon driver’s license holders: Approximately 3.5 million individuals.
- Louisiana residents: Around 6 million people.
- California Public Employees’ Retirement System members: Roughly 770,000 individuals.
- Genworth Finance clients: Between 2.5 and 2.7 million people.
- Wilton Reassurance insurance customers: Approximately 1.5 million individuals.
- Tennessee Consolidated Retirement System beneficiaries: Over 170,000 people.
- Talcott Resolution customers: More than half a million individuals.
Additionally, the breach extends to the U.S. educational nonprofit National Student Clearinghouse. This has impacted 3,600 colleges and universities, and 22,000 high schools, making it a potentially significant breach in terms of numbers.
Impact on Government and Public Sector
The Clop ransomware attacks are not limited to private organisations. At least seven U.S. universities and 16 public sector organisations have fallen victim to these mass-hacks. The U.S. Department of Health and Human Services (HHS) is one such public sector victim, reporting an incident involving the exposure of over 100,000 individuals. Several other U.S. government agencies have also experienced intrusions related to the MOVEit transfer flaw.
More from News
- Could China Really Switch Off Nigeria’s Satellites? The $11.44M Dispute Explained
- Your Food Delivery Services May Be Impacted By The Global Oil Crisis, Here’s How
- From 19 March, Debit And Credit Card Users Can Control Their Contactless Limits In The UK
- Why Are Anti Drone Patents Up 27% In A Year?
- Boost Named monday.com’s Best Professional Services Partner In EMEA For The Second Consecutive Year
- Tech Experts Discuss The Future Of Agentic AI After Agent Mines Crypto Without Receiving Instructions
- Meta Acquires Moltbook: What Responsibility Do Meta And Regulators Have To Control The Platform?
- Are Space Data Centres The Next Big Thing, Or Is Musk Dreaming Big?
Non-Governmental Targets
Clop has broadened its scope to target non-governmental entities as well. In recent weeks, the group added tens of new victims to its leak site, including banks, consultancy and legal companies, and energy giants. Siemens Energy, among the targets, reported no compromise of critical data or operational disruption. Similarly, the University of California–Los Angeles (UCLA) fell victim to the attack while using MOVEit Transfer to transfer files across campus and with other entities.
Ongoing Investigations and Response
Numerous organisations listed as victims by Clop have not yet responded to requests for comment, and the exact number of impacted organisations remains uncertain. Clop claims to have compromised “hundreds” of organisations on its leak site, indicating that more victims may emerge in the future.
In response to these mass attacks, the U.S. State Department offered a $10 million bounty for information on the Clop ransomware group, a Russia-linked gang known for previous mass-attacks exploiting vulnerabilities in various file transfer tools.
Conclusion
The Clop ransomware group’s exploitation of the MOVEit file transfer tool has resulted in one of the largest data breaches in history, affecting over 15.5 million individuals across various organisations. The attacks have targeted both private and public entities, highlighting the urgency for robust cybersecurity measures.
As investigations continue, more victims may come to light, necessitating collective efforts to combat cyber threats and protect sensitive data.
Update: MOVEit patched a vulnerability discovered in the MOVEit software on May 31.
