Attackers start leaking Procter & Gamble data

Published: 3 April 2023
Last updated: 3 April 2023
P&G Cl0p ransomware
Image by Shutterstock.

Procter & Gamble’s (P&G) supposedly commercial data was posted on a dark-web blog that cybercriminals use to publicize and blackmail victims.

P&G confirmed to Cybernews that “one of the many companies” the US consumer goods conglomerate owns was victimized due to Fortra’s GoAnywhere vulnerability.

Russia-linked ransomware syndicate Cl0p claimed dozens of victims, citing the zero-day bug found on Fortra’s GoAnywhere managed file transfer.

ADVERTISEMENT

For example, the summary on the Cl0p website says that supposedly leaked P&G data comes from a server that stored the company’s data on GoAnywhere‘s cloud infrastructure.

P&G data
Data Cl0p uploaded on the gang's leak site. Image by Cybernews.

Sample data included in the leak indicate Cl0p’s attack affected one of the regional distribution branches in a major US city. The dataset includes information on entities purchasing P&G’s products, such as Amazon and Walmart.

However, P&G’s assessment that threat actors didn’t get their hands on sensitive customer data appears to hold up to scrutiny, as the samples Cl0p included primarily focus on purchases made by commercial clients.

“The data that was obtained by the unauthorized party did not include information such as Social Security numbers or national identification numbers, credit card details, or bank account information,” the company’s representative told Cybernews in late March.

Fortra’s GoAnywhere bug allowed Cl0p to breach multiple companies in recent weeks. Notable victims of the zero-day bug flaw include German insurer Munich Re, Virgin Red, education company Pluralsight, energy behemoths Shell and Hitachi, and many other companies.

However, several companies attacked by Cl0p told Cybernews they were unfazed by the claimed breaches, saying the exposed data had little effect on daily activities, with some going as far as to call the exposed data “meaningless content.”

Cl0p ransomware has been around since 2019. The gang has also been at the forefront of the ransomware world, with estimated payouts reaching $500 million in November 2021.

ADVERTISEMENT

P&G is a market leader in consumer goods, with reported sales of $80.2 billion for the fiscal year 2022. Procter & Gamble makes popular consumer brands such as Tide, Pampers and Gillette. According to Fortune, the company employs over 100,000 people worldwide.

Share
Post
Share
Share
Share
More from Cybernews
By participating in this viral trend, you help train AI where it struggles the most
Windows hibernation may contribute to SSD wear as storage costs rise
UFO skeptic Michael Shermer apologizes to David Grusch
Man tries to make a sale on Facebook Marketplace, gets scammed out of $300 via Zelle
Critical FFmpeg flaw discovered: just watching a video can fully compromise your system
The world's top intelligence alliance: AI could supercharge cyberattacks within months
ADVERTISEMENT