reports that data breaches related to the widespread Cl0p ransomware attack leveraging a vulnerability in the MOVEit Transfer file transfer app
have been disclosed by more organizations.
Multinational oil and gas corporation Shell confirmed that the MOVEit hack has resulted in the compromise of personal information belonging to its employees but details regarding the extent of the breach remain unclear.
Cl0p, which has previously impacted the company through the Accellion hack three years ago, claimed to have leaked Shell's data after refusing negotiations. On the other hand, major Indiana-based financial services firm First Merchants Bank announced that customer data, including addresses, Social Security numbers, and financial account information, but not online and mobile banking credentials, had been accessed as a result of the attack.
Impact from the MOVEit hack has also been reported by Madison College in Wisconsin, the Cambridgeshire County Council in the U.K., and the Dublin Airport.
More than 200 organizations have been compromised by the massive MOVEit hack impacting more than 17.5 million individuals, according to Emsisoft Threat Analyst Brett Callow, who noted that U.S. cybersecurity firm Telos and eight other organizations were recently removed from Cl0p's leak site.