MOVEit Hack Casualties Continue To Grow

In a series of massive cyberattacks, hackers have compromised the personal data of over 15.5 million individuals. The Clop ransomware group is responsible for these attacks, targeting more than 140 organisations, and the number of victims is continuously increasing.

The Extent of the Breach

The impact of the Clop ransomware attacks is substantial, affecting diverse organisations and millions of individuals. Although only ten victims have confirmed the number of affected people, the count already exceeds 15.5 million. Some notable victims include:

  1. Oregon driver’s license holders: Approximately 3.5 million individuals.
  2. Louisiana residents: Around 6 million people.
  3. California Public Employees’ Retirement System members: Roughly 770,000 individuals.
  4. Genworth Finance clients: Between 2.5 and 2.7 million people.
  5. Wilton Reassurance insurance customers: Approximately 1.5 million individuals.
  6. Tennessee Consolidated Retirement System beneficiaries: Over 170,000 people.
  7. Talcott Resolution customers: More than half a million individuals.

Additionally, the breach extends to the U.S. educational nonprofit National Student Clearinghouse. This has impacted 3,600 colleges and universities, and 22,000 high schools, making it a potentially significant breach in terms of numbers.

Impact on Government and Public Sector

The Clop ransomware attacks are not limited to private organisations. At least seven U.S. universities and 16 public sector organisations have fallen victim to these mass-hacks. The U.S. Department of Health and Human Services (HHS) is one such public sector victim, reporting an incident involving the exposure of over 100,000 individuals. Several other U.S. government agencies have also experienced intrusions related to the MOVEit transfer flaw.

Non-Governmental Targets

Clop has broadened its scope to target non-governmental entities as well. In recent weeks, the group added tens of new victims to its leak site, including banks, consultancy and legal companies, and energy giants. Siemens Energy, among the targets, reported no compromise of critical data or operational disruption. Similarly, the University of California–Los Angeles (UCLA) fell victim to the attack while using MOVEit Transfer to transfer files across campus and with other entities.

Ongoing Investigations and Response

Numerous organisations listed as victims by Clop have not yet responded to requests for comment, and the exact number of impacted organisations remains uncertain. Clop claims to have compromised “hundreds” of organisations on its leak site, indicating that more victims may emerge in the future.

In response to these mass attacks, the U.S. State Department offered a $10 million bounty for information on the Clop ransomware group, a Russia-linked gang known for previous mass-attacks exploiting vulnerabilities in various file transfer tools.


The Clop ransomware group’s exploitation of the MOVEit file transfer tool has resulted in one of the largest data breaches in history, affecting over 15.5 million individuals across various organisations. The attacks have targeted both private and public entities, highlighting the urgency for robust cybersecurity measures.

As investigations continue, more victims may come to light, necessitating collective efforts to combat cyber threats and protect sensitive data.

Update: MOVEit patched a vulnerability discovered in the MOVEit software on May 31.