Clop Ransomware Targets Ameritrade and EY.com

Ameritrade, a well-known financial services firm, has reportedly fallen victim to a series of cyber attacks targeting its MOVEit file transfer application. The cyber assaults were attributed to the Clop ransomware group, which has claimed responsibility and threatened to leak the compromised data. This attack comes just days after another major corporation, EY.com, was also targeted by the same group.

According to threat analysts Dominic Alvieri and Brett Callow, the Clop ransomware gang announced their cyber attacks on Ameritrade and EY.com through a post on Twitter. They have warned that they will release the data soon. Callow further revealed that the number of victims of the MOVEit vulnerability has now risen to 214, affecting a staggering 17,589,273 individuals.

To verify the alleged cyber attack on Ameritrade, The Cyber Express reached out to the company for a response but has yet to receive one. The threat actor’s post, which gained significant attention, explicitly mentioned EY.com and implied that a substantial amount of data, amounting to 3TB, had been exposed. This raises serious concerns about the extent of the breach and the potential damage that could be caused. The group even invited interested parties to contact them via email, hinting at the possibility of selling not just EY.com data, but also data from other compromised companies.

Adding to the alarming situation, TD Ameritrade, a subsidiary of Ameritrade, has also been targeted by the same cyber attack series. The Clop ransomware gang declared their intent to publish a compressed 260GB data set from Ameritrade in a post they shared. They revealed that negotiations for a resolution with Ameritrade had stalled due to a low offer.

The MOVEit vulnerability has proven to be a significant issue, affecting multiple companies. Shell, a global energy company, recently confirmed that it too has experienced a cyber attack through the exploitation of the MOVEit vulnerability. In a statement, Shell acknowledged the breach and described its efforts to contact affected parties. It clarified that this incident was not a ransomware attack and gave assurance that no other IT systems within the organization had been impacted.

Furthermore, Middlebury College issued an “Information Security Notice” on June 29, 2023, addressing the recent data breach incidents. The college revealed that two of its vendors, the Teachers Insurance and Annuity Association (TIAA) and the National Student Clearinghouse (NSC), had utilized the vulnerable MOVEit software. Consequently, confidential information belonging to Middlebury students, staff, and faculty members may have been exposed to unauthorized access. Although Middlebury College does not employ MOVEit directly, it shared student and employee information with the vendors, resulting in an unfortunate breach. TIAA and NSC are currently conducting their investigations and will initiate data breach notification processes for all affected individuals.

It is crucial to note that this report is based on internal and external research obtained through various sources. The provided information is for reference purposes only, and readers bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
