CyberSecurity SEE

CIBC National Trust Company Confirms Cyber Attack on CIBC

The recent cyber attack through the MOVEit vulnerability has resulted in yet another data leak, impacting over 900 organizations since May of this year. One of the victims of this attack is the Canadian Imperial Bank of Commerce (CIBC), a personal services corporation based in Toronto, Canada.

Security researchers were the ones who first posted about the CIBC cyber attack, highlighting the exploitation of the MOVEit vulnerability. The CIBC National Trust Company also confirmed in a notice of privacy that they had indeed experienced a security breach.

Despite the cyber attack, the website of the bank remained accessible when checked by The Cyber Express, a news outlet covering cybersecurity incidents. Reporters from The Cyber Express reached out to CIBC officials for comments regarding the cyber attack’s impact on its US division, but no response has been received as of yet.

In response to the data breach, CIBC, on behalf of its Private Wealth Management Service (CIBC PWM), filed a letter alerting users to the incident. The breach originated from a third-party cyber attack on a service named Pension Benefit Information (PBI). Hackers from the Clop ransomware group took advantage of the vulnerability in MOVEit, a file transfer platform, to gain unauthorized access to connected third-party platforms, including PBI Research Services.

Since CIBC accessed services offered by PBI Research Services, it was also exposed to the hackers. In the Notice of the Privacy Incident filed by CIBC, it was stated that the financial service organization became aware of the PBI cyber attack on July 24, 2023. The letter emphasized that although personal information accessed by the hackers was provided to their third-party payment processor without authorization, CIBC’s systems themselves remained secure.

The letter urged users to remain vigilant about monitoring their account statements and credit reports for the next two years in order to ensure the security of their personal information. However, CIBC had no evidence to suggest any misuse of the accessed information at the time.

Another company impacted by the MOVEit ransomware attack was Milliman, a provider of services to employee benefit and pension plan sponsors based in Seattle, Washington. Like CIBC, Milliman also used services offered by PBI, which facilitated the unauthorized access to their user data. The clients of Milliman, which include Macy’s, Memorial Health System, Motion Picture Association, National Geographic Society, NY Daily News Enterprises, and Burger King, among others, were also affected by the cyber attack.

According to a report by Emsisoft, the MOVEit file transfer data breach has impacted over 58 million individuals based on the disclosures made by organizations. However, it is suspected that the actual number of impacted individuals is higher, as more disclosures are expected to be made.

Threat Analyst Brett Callow, who has been closely following the MOVEit cyber attack, tweeted that at least 42 organizations have been impacted by the PBI cyber attack. The majority of victims were U.S.-based organizations, accounting for 83.9% of all known victims, followed by Germany at 3.6%, and Canada at 2.6%. The finance sector was the most targeted in these attacks, according to the report.

The Clop ransomware group, responsible for the cyber attack, has been actively naming organizations on its website, with the list of targeted organizations reaching over 60. The group claimed to possess a large amount of financial reports and accounting documents, as well as personal identification documents such as passport and visa scans.

This report is based on a combination of internal and external research obtained through various means. The information provided is for reference purposes only, and users are advised to take full responsibility for their reliance on it. The Cyber Express, the source of this report, assumes no liability for the accuracy or consequences of using this information.
