Recent reports suggest that the Clop ransomware group has potentially exfiltrated data of Pennsylvania residents. This comes after the group claimed responsibility for the M&T Bank data breach, which exposed the data of Massachusetts residents. While there is no concrete evidence to support the Pennsylvania data breach yet, it raises concerns about the expanding reach of this cybercriminal group.
The M&T Bank cybersecurity incident was caused by the exploitation of the MOVEit vulnerability. The bank informed its customers about the breach, highlighting the widespread impact it had on various organizations. The financial and services sectors, as well as the education sector, were particularly affected.
The cyber attack on M&T Bank is believed to have given the hackers access to customer data, which in turn led them to target other connected companies. The bank confirmed that limited customer information stored by third-party service providers was compromised. Names, addresses, and bank account numbers were likely exposed to Clop during the data breach. However, the bank stated that sensitive data such as social security numbers, date of birth, or debit/credit card numbers were not exposed.
It is important to note that the bank’s internal systems were not breached by the hackers. Instead, the incident was a result of a vulnerability in the third-party service used by the bank for file transfers. As a precautionary measure, M&T Bank immediately installed security patches after discovering the breach.
Cybersecurity researcher Dominic Alvieri brought attention to the scale of the M&T Bank data breach. He tweeted about Clop ransomware stealing the data of 95,000 M&T Bank residents in Massachusetts, as reported to state officials. Dominic’s update also mentioned the Pennsylvania data breach, which exposed the information of an undisclosed number of residents.
The MOVEit vulnerability has had significant consequences, with over 65 million individuals’ data being exposed to hackers so far. The Clop ransomware group was able to exploit this vulnerability in May 2023, gaining access to the MOVEit file transfer platform. As a result, various sectors, including government, finance, education, and manufacturing, were affected.
Many schools have experienced disruptions, and bank details have been exposed to cybercriminals due to this vulnerability. The ransomware group has been threatening organizations with data leaks unless a ransom is paid. It is crucial for users relying on MOVEit to update their systems and install security patches promptly to prevent further damage.
In conclusion, the Clop ransomware group’s activities have expanded beyond Massachusetts to potentially target Pennsylvania residents. The M&T Bank data breach highlighted the widespread impact of the MOVEit vulnerability and the need for organizations to ensure the security of their systems and data. It is essential for individuals and companies to stay vigilant, update their software, and follow cybersecurity best practices to protect themselves from such cyber threats.
(Note: The information in this article is based on internal and external research obtained through various sources. The accuracy and consequences of using this information are the sole responsibility of the users.)