Honeywell confirms impact by MOVEit hacks

American advanced technology conglomerate Honeywell International confirms some sensitive company data has been compromised as part of the MOVEit attack spree.

Honeywell now joins a growing list of companies who have been impacted by the massive breach of the MOVEit file transfer system, carried out by the Cl0p ransom gang in late May.

The North Carolina headquartered company was added to the latest batch of victims released by the gang on their dark leak site this week.

Honeywell’s Director of External Communications Caitlin Leopold told Cybernews that the company had been aware of the leak, releasing an official statement on its corporate website on June 16th.

“The investigation detected unauthorized access on a single MOVEit server, the company said in its statement.

“As part of our ongoing investigation, we have found data, including certain personally identifiable information, that has been accessed through the MOVEit app by an unauthorized third party. We are contacting affected individuals, customers, and partners as appropriate,” Honeywell said.

Honeywell International MOVEit breach
Cl0p leak site

Honeywell went on to say that the breach has had no material impact on business operations, and all of its systems are fully online.

The Fortune 100 company also stated that its cybersecurity defenses limited the impact to the affected server, and IT teams fully patched and upgraded the MOVEit app as soon as fixes were available.

Honeywell International spans numerous industrial sectors providing products and services to clients around the world, including manufacturing aerospace and automotive products; industrial control systems; specialty chemicals and plastics; and engineered materials.

The present company was formed in 1999 through the merger of Allied Signal Inc.

MOVEit and Cl0p impact hundreds

Progress, the American software maker and distributor of MOVEit Transfer, has released three critical security patches since the Russian-affiliated Cl0p gang claimed responsibility for exploiting a zero-day vulnerability in the system.

The MOVEit Transfer system is just one of the dozens of third-party tools the Progress software company offers to its business customers.

Experts we’ve spoken to say that around 3,000 deployments of MOVEit Transfer were in use when the zero-day flaw was first exploited by the Cl0p gang.

Presently there are at least 150 victims listed on Cl0p's dark leak site, including Honeywell.

Along with victims' names, the gang often posts details on its dark leak site revealing how much data was allegedly stolen in the company breach, as well as providing alleged samples of their handiwork.

On June 14th, Cl0p threatened to release the names of its victims, along with troves of stolen data, if victims did not contact them and pay an undisclosed ransom demand.

Earlier this week, Cybernews confirmed the MOVEit attacks had impacted ING Bank, as well as three other major European banks, including Deutsche Bank and Postbank.

Choice Hotels’ Radisson Americas chain and Crowe accounting advisory firm also reported to Cybernews a loss of customer data this week.

Earlier MOVEit victims included PWC, Ernst & Young, Sony, Siemens Energy, the NYC Department of Education, and Shell Global, the first victim to be named by Cl0p on June 14th.

Several US federal agencies, including the Department of Energy and Health were also impacted, prompting the US officials to issue a $10 Million dollar bounty on the Cl0p gang.