Serco employee data exposed via MOVEit attack on third-party


Serco, a British defense, transport, and health behemoth, said that its US employee data was leaked in a third-party attack involving the MOVEit Transfer exploit.

The company said that its third-party benefits administrator CBZ experienced a ransomware attack involving the MOVEit Transfer platform. The Russia-linked Cl0p gang has taken credit for exploiting a now-patched zero-day bug that affected MOVEit Transfer.

According to a breach notification letter, which Serco sent to affected employees, the breach could have exposed names, US Social Security numbers (SSNs), dates of birth, home mailing addresses, business and personal emails, and health benefits for the ongoing year.

According to Serco’s information to the Maine Attorney General, over 10,000 people were impacted by the breach. Since the impacted legal entity, Serco Inc., is registered in Virginia, it’s likely that employees of Serco’s American branch were affected by the attacks.

The attackers could use the exposed information for identity theft, spear-phishing, and social engineering attacks. Experts warn that even leaked personal information can be collated to have a devastating impact.

However, Serco has said that so far, there’s no evidence that personal information has been misused by attackers. The company will offer victims credit and identity monitoring services free of charge for a year.

Serco is a cross-sector company operating in several sectors, such as defense, transport, justice, immigration, healthcare, and other services across Europe, North America, Asia Pacific, and the Middle East. The company has over 50,000 staff and enjoyed a revenue of £4.5 billion ($5.7 billion) last year.

Cl0p and MOVEit hacks

So far, nearly 560 organizations have been confirmed to be impacted by Cl0p’s MOVEit Transfer attacks, with over 38 million people having their data exposed.

Recently, Deloitte, a New York City-based global auditing and accounting firm, confirmed that it had also fallen victim to the MOVEit attacks, joining others from the Big Four financial service giants, PWC and EY.

Cl0p is a Russia-linked ransom group claiming responsibility for exploiting a SQL database injection flaw in the MOVEit Transfer file system, impacting thousands of companies worldwide.

Named victims include American Airlines, TJX off-price department stores, TomTom, Pioneer Electronics, Autozone, and Johns Hopkins University and Health System.

Other prominent brand victims include Shutterfly, Warner Bros Discovery, AMC Theatres, Honeywell, Choice Hotels’ Radisson Americas chain, and Crowe accounting advisory firm.

Exclusive information, vetted by Cybernews, indicates that at least some of Cl0p’s affiliates might be residing in Kramatorsk, a Ukrainian city in the country’s embattled east. US officials are offering a $10 million bounty on the Cl0p gang.


More from Cybernews:

Satellites easier to hack than a Windows device

Meta releases sound generation tool AudioCraft

Cult of the Dead Cow wants to launch secure messaging app

Siblings' decade-long online child abuse scheme exposed by police

Ransom gangs have cost manufacturers $46B

Subscribe to our newsletter



Leave a Reply

Your email address will not be published. Required fields are markedmarked