Three US firms add over a million MOVEit victims


Sovos, Financial Institution Service Corporation (FISC), and Johnson Financial Group (JFG) said the MOVEit breach impacted the sensitive data of over one million individuals.

One of the biggest hacks of 2023, the MOVEit Transfer attack, keeps adding victims. Three US-based companies have started notifying individuals impacted by the attacks, which are claimed by the Cl0p ransomware gang.

FISC, a data processing and technology services firm, posted a breach notification to the Maine Attorney General, indicating that the attack impacted 753,261 individuals.

According to the company, attackers may have accessed sensitive data such as names, addresses, dates of birth, Social Security numbers (SSNs), driver’s license numbers and other government-issued ID numbers, financial account information, telephone numbers, and payment card numbers.

Meanwhile, Sovos, a tax compliance and business-to-government reporting software maker, informed 181,507 individuals affected by the MOVEit Transfer attacks. The company claims that attackers may have accessed individuals’ driver’s license numbers or other ID numbers.

Another 93,093 victims were added by JFG, a US-based holding company of Johnson Bank and Johnson Insurance. JFG’s breach notification says the MOVEit Transfer data breach may have impacted customers’ names, email addresses, home addresses, phone numbers, account numbers, SSNs, dates of birth, driver’s license numbers, and payment card numbers.

Losing PII poses significant risks to affected people, as impersonators can use the stolen data for identity theft. Sensitive personal data and stolen payment cards can be used to make fraudulent payments.

Who‘s behind the attack?

So far, over 2,000 organizations and 57 million people are confirmed to have been impacted by the MOVEit Transfer attacks, which are claimed by the ransomware gang Cl0p.

The Russia-linked gang goes by a few different names. People in the cyber industry know the syndicate as TA505, Lace Tempest, Dungeon Spider, and FIN11. The gang is quite old having been first observed back in 2019.

Numerous well-known organizations have had their clients exposed in the MOVEit attacks. Recently, TD Ameritrade, a US stockbroker, reported that over 60,000 of its clients were exposed, with Cl0p taking the financial account data of some.

Other named victims include American Airlines, TJX off-price department stores, TomTom, Pioneer Electronics, Autozone, and Johns Hopkins University and Health System, Warner Bros Discovery, AMC Theatres, Choice Hotels’ Radisson Americas chain, and Crowe accounting advisory firm.