The New York City Department of Education says hackers stole documents containing the sensitive personal information of up to 45,000 students from its MOVEit Transfer server.
The Clop ransomware gang has claimed responsibility for the CVE-2023-34362 MOVEit Transfer attacks on June 5 in a statement shared with BleepingComputer, with the cybercrime gang saying it breached the MOVEit servers of “Hundreds of companies.”
The Clop gang began extorting organizations affected by the MOVEit data theft attacks almost two weeks ago, on June 15, by publicly listing their names on Clop’s dark web data leak site.
Progress warned MOVEit Transfer customers last week to restrict HTTP access to their servers after info on a new SQL injection security flaw was published online.
Millions of Oregon, Louisiana state IDs stolen in MOVEit breach.
MOVEIt breach impacts Genworth, CalPERS as data for 3.2 million exposed.
