In yet another high-profile cyberattack, a data breach has exposed sensitive information belonging to over 760,000 employees of major companies, including Xerox, Nokia, Bank of America, and Morgan Stanley. The breach stems from a vulnerability in the MOVEit file transfer tool, which was exploited by the Russia-affiliated Cl0p ransomware group.

What Happened?

The leak, made public on December 2, 2024, was orchestrated by a threat actor going by the alias "Nam3L3ss", who began releasing what appears to be authentic employee data. This incident follows the broader MOVEit vulnerability exploitation wave, initially discovered in May 2023.

What Was Exposed?

The compromised data includes:

• Full Names

• Phone Numbers

• Email Addresses

• Job Titles

• Employee Badge Numbers

• Workplace Locations

This level of detail could be highly lucrative for cybercriminals looking to carry out social engineering attacks or other targeted threats.

Affected Companies & Employee Count:

Why It Matters?

Experts warn that the exposure of such granular data could result in widespread phishing attempts and other scams targeting both the employees and their organizations. Zack Ganot, Chief Strategy Officer at Atlas Privacy, highlighted the severity, stating:

"Knowing exactly what employee sits on which team, who they report to, what their badge number is, what building they work in, their organizational email and phone number – this is some wild stuff for an attacker looking to exploit an organization."

What’s Next?

Although the affected organizations have not publicly commented, investigations are underway to assess the full scope of the breach. The incident underscores the need for stronger cybersecurity measures, particularly for widely used tools like MOVEit.

This breach follows a pattern of major leaks exploiting file transfer vulnerabilities, impacting thousands of organizations and millions of individuals worldwide.

Disclaimer: ClearPhish maintains a strict policy of not participating in the theft, distribution, or handling of stolen data or files. The platform does not engage in exfiltration, downloading, hosting, or reposting any illegally obtained information. Any responsibility or legal inquiries regarding the data should be directed solely at the responsible cybercriminals or attackers, as ClearPhish is not involved in these activities. We encourage parties affected by any breach to seek resolution through legal channels directly with the attackers responsible for such incidents.