Ernst & Young (EY), PricewaterhouseCoopers (PwC) as well as other organisations have been affected by the cyberattack made by cybercrime group Clop on the popular MOVEit file transfer tool.
EY’s global office said that it launched an investigation into its use of the MOVEit tool and took “urgent steps to safeguard any data” after software company Progress confirmed that their MOVEit file transfer product contained a “critical vulnerability” on May 31.
“We have verified that the vast majority of systems which use this transfer service across our global organization are secure and were not compromised. We are manually and thoroughly investigating systems where data may have been accessed. Our priority is to first communicate to those impacted, as well as the relevant authorities. Our investigation is ongoing,” says the firm.
PwC Singapore adds that it is not a customer of MOVEit and that it has not been impacted by the incident.
"Data security is a key priority for PwC and we continue to put the right resources and safeguards in place to protect our network and help detect and prevent future attacks," says the firm.
According to a June 19 article on Bloomberg, a zero-day vulnerability in MOVEit's file transfer software was publicly revealed on Twitter, which is not commonly practised among cybersecurity researchers as going public may aid bad actors to take action.
See also: Microsoft warns other firms of Russian-sponsored group in email hacking
Some of the organisations affected by the breach are BBC, British Airways, EY, Australian health insurer Medibank and Shell. Several US institutions such as the Johns Hopkins University and Health System, the Louisiana Office of Motor Vehicles (OMV) and the Oregon Department of Transportation were also affected by the breach.
