US utility giant says MOVEit hack exposed stolen data

LovabledanielsFebruary 18, 202563 Views

PLL Electric Utilities confirms data leaked online
It was stolen from a third-party vendor during MOVEit hack
No banking or payment information was leaked

It has been almost two years since the MOVEit MFT data breach fiasco, but businesses and their customers are still feeling the consequences.

PLL Electric Utilities is the latest to confirm information stolen back in 2023 has now been leaked online, as one of its vendors was exposed through MOVEit.

“The information did not extend beyond basic information such as name, address, phone number, email address and account number,” a company spokesperson said. Banking or credit card information, social security numbers or account passwords were not disclosed, since PPL did not share this data with the compromised vendor in the first place – but the information can still be used in phishing attack, identity theft, social engineering, and more.

Millions of victims

“This issue is completely unrelated to PPL’s systems and critical infrastructure across all our service areas,” the company said.

The 2023 MOVEit data breach was a large-scale cyberattack exploiting a zero-day vulnerability in MOVEit Managed File Transfer, a file transfer software built by Progress Software. It was discovered in late May 2023, when the flaw allowed attackers to execute SQL injection attacks and gain unauthorized access to sensitive data.

Ransomware actors known as Cl0p were the ones exploiting the bug to steal data from organizations worldwide. The attack impacted more than 600 organizations and roughly 40 million individuals, including governments, financial institutions, healthcare providers, and major corporations. Among more notable victims are U.S. federal agencies, British Airways, Shell, and BBC.

The Cl0p ransomware gang is estimated to have extorted between $75 million and $100 million. Despite a low percentage of victims opting to pay, the group secured substantial sums from a select few who met their high ransom demands.

Via The Record