UK regulator Ofcom acknowledges being targeted in a cyberattack, resulting in unauthorized access to personal information of staff members and a limited amount of business data.
The UK communications regulator Ofcom has acknowledged that it was one of the targets of the ‘MOVEit’ cyberattack, in which hackers downloaded the personal information of 412 Ofcom workers as well as a ‘small quantity of information’ on some of the businesses it now oversees.
What is the MOVEit attack, and who is responsible?
Organizations including the BBC, British Airways, Aer Lingus, and now Ofcom say hackers stole employee personal data by exploiting a vulnerability in the MOVEit Managed File Transfer (MFT) software.
Zellis, a UK-based payroll software provider and MOVEit customer, had payroll data compromised in the attack. Zellis, which all of the affected businesses used, stored the affected employees’ personal information.
On Monday, June 5, analysts from Microsoft Threat Intelligence publicly identified the threat group responsible for the attack as “Lace Tempest,” which is also known for operating the extortion website “Clop.” The same gang, which is thought to be based in Russia, has also been blamed for earlier cyberattacks.
On the dark web, the Clop group published a note telling affected businesses to email the group by June 14, or all of the stolen data would be made public. The demand is unusual: in most cyberattacks, the attacker typically contacts the organizations that hold the stolen information. It is thought that in this instance, the group might not be able to keep up with the scale of its own attack.
On its leak site, Clop stated that it had removed all data belonging to city, state, and federal agencies because it had “no interest” in making that material public.
How can affected organizations lessen the impact?
With the threat of large amounts of private information being disclosed looming, all impacted businesses will now be weighing how best to mitigate the harm caused by the attack and prevent a repeat.
Christine Sabino, legal director at the law firm Hayes Connor, spoke about the risks posed by the stolen data and the ways organizations might lessen the harm: “Personal information, even insignificant pieces like names, dates of birth, or social security numbers, can result in identity theft, causing monetary losses and reputational harm.
“However, in this instance, since many pieces of data were shared, the risk is increased for the employees whose information was compromised.
Because of the open channels of communication with the affected employees, it is obvious that many of the organizations concerned are taking the matter seriously. To that end, it is suggested that people impacted seek the assistance of professionals to help minimize the harm because this will undoubtedly be a very stressful period for them.
Businesses must establish strict data security procedures and keep open communication with their clients, business associates, and personnel. Organizations can do this to reduce risks, preserve sensitive data, and show their commitment to privacy protection.
Ofcom is another “feather in the cybercriminals’ cap”
However, putting strict security measures in place and adhering to safety regulations won’t guarantee safety in the future. The MOVEit attack demonstrates how hackers can reach an organization’s information through the third-party products and services it relies on.
According to Marijus Briedis, a cybersecurity expert at VPN service provider NordVPN, the MOVEit attack is another success for the cybercriminals responsible for it. “Stealing personal and business data from under the nose of the UK’s media regulator will be another feather in their cap,” Briedis said.
“The massive scope of the attack and notable targets like the BBC, British Airways, and Ofcom indicate that this was painstakingly planned, and the hackers may have been aware of the file-transfer software’s vulnerability for several months.
This large data theft will increase the attackers’ profile in the cutthroat ransomware-for-hire market that exists on the dark web, assuming they are related to the Russian-based Clop group, as is suspected. As opportunistic hackers attempt to take advantage of third-party services – in this case, a payroll firm employing MOVEit – as a pathway to catching a large fish further down the line, it also demonstrates the persistent risk of supply chain assaults on the UK.