1st Source Bank attack exposes 450,000 people

1st Source Bank, a US-based victim of the MOVEit Transfer mayhem, said attackers may have accessed user Social Security numbers (SSNs) and government-issued IDs.

The scale of havoc unleashed by the Cl0p ransomware syndicate continues to climb, with 1st Source Bank revealing the number of people exposed in the attack against the organization.

According to data that the bank provided to the Maine Attorney General, the attack on 1st Source Bank’s MOVEit Transfer servers impacted 450,000 people.

“1st Source Bank learned that certain personal information belonging to its customers was contained within a file that may have been acquired without authorization in connection with the MOVEit software vulnerability,” the notification said.

The bank said that attackers may have accessed individuals’ names, dates of birth, SSNs, driver’s license or state identification card numbers, and other government identification numbers. Affected individuals are being offered identity monitoring services.

Cybersecurity firm Emisoft puts the number of individuals impacted by the MOVEit transfer attacks at 20 million, with nearly 400 companies exposed. Thousands of servers were online when Cl0p exploited the now-patched zero-day flaw affecting MOVEit Transfer systems.

Unrelenting Cl0p and MOVEit hacks

Cl0p is the Russia-linked ransom group claiming responsible for exploiting a SQL database injection flaw in the MOVEit Transfer file system, which has impacted thousands of companies worldwide.

The MOVEit zero-day vulnerability allowed the gang to access and extract certain information and files from its victim’s database servers.

Named victims include American Airlines, TJX off-price department stores, TomTom, Pioneer Electronics, Autozone, and Johns Hopkins University and Health System.

Other prominent brand victims include Shutterfly, Warner Bros Discovery, AMC Theatres, Honeywell, Choice Hotels’ Radisson Americas chain, and Crowe accounting advisory firm.

Exclusive information, vetted by Cybernews, indicates that at least some of Cl0p’s affiliates might be residing in Kramatorsk, a Ukrainian city in the country’s embattled east. US officials are offering a $10 million bounty on the Cl0p gang.