A criminal hacking gang has added more names to its lists of alleged victims from a recent campaign that exploited a vulnerability in a popular file-transfer product.
The group, known as Clop, threatened to post internal data from professional services firms PricewaterhouseCoopers LLP and Ernst & Young LLP unless they pay a ransom fee. The scope of the incidents wasn't immediately clear.
The Russian-speaking gang has in recent weeks launched scores of attacks after discovering a vulnerability in MOVEit, a file-sharing software from
PricewaterhouseCoopers in a statement confirmed it used MOVEit software, and that the hack had a "limited impact" on the firm, which said that it stopped using the MOVEit platform upon learning of the incident.
"We have reached out to the small number of clients whose files were impacted to discuss the incident," a company spokesperson said. "Data security is a key priority for PwC and we continue to put the right resources and safeguards in place to protect our network."
Ernst & Young has previously said it had launched an investigation into its use of the MOVEit tool and "took urgent steps to safeguard any data."
"We have verified that the vast majority of systems which use this transfer service across our global organization are secure and were not compromised," the spokesperson said in a statement from June 16. "We are manually and thoroughly investigating systems where data may have been accessed. Our priority is to first communicate to those impacted, as well as the relevant authorities. Our investigation is ongoing."
The largest U.S. public pension fund, the California Public Employees' Retirement System, or CalPERS, also said the personal data of about 769,000 members — including Social Security numbers, dates of birth and potentially the names of family members — have been exposed due to the same MOVEit issue.
CalPERS said a third-party vendor that CalPERS used to help make payments to retirees and other beneficiaries notified the company on June 6 that a MOVEit vulnerability allowed data to be downloaded by an unauthorized party.
"This external breach of information is inexcusable," said CalPERS Chief Executive Officer Marcie Frost in a statement. "Our members deserve better."
The U.S. Cybersecurity and Infrastructure Security Agency on June 1 issued
Progress has since released a patch to fix the vulnerability, but about 90 companies are so far known to have been affected by the hack, according to cybersecurity researchers.
Last week, Shell Plc
Clop has been among the most prolific cybercriminal gangs in recent years, causing hundreds of millions of dollars of damage internationally, according to the cybersecurity firm Trend Micro Inc.
In a statement posted on its dark web page last week, Clop invited victims to reach out and negotiate. "We have information on hundreds of companies so our discussion will work very simple," the gang said, claiming it had downloaded "a lot of your data as part of exceptional exploit."
— With assistance from Katrina Manson