Freely subscribe to our NEWSLETTER

"This latest leak feels unusual and can reveal the amount of personal data cybercriminals possess. The files exposed via a darknet forum contain data allegedly stolen from companies in the MOVEit data breach incident over a year ago.

It is very rare that we see stolen data surfacing 12-18 months after the incident. The motivation of the person or the group behind the recent publication is also unclear. So far, they’ve published employee data stolen from 25 companies from multiple sectors: technology, financial, healthcare, retail, and more. According to security researchers, they claim they are not hackers and collected the data from unsecured open sources, wanting to draw attention to the companies’ negligence in protecting employee privacy. They also claim to possess the data from at least 1,000 more organisations and threaten to keep publishing it over the coming weeks.

It is not typical to see such delayed actions after a breach. Cybercriminals motivated by financial gains are trying to leverage the data they own as soon as they have a chance to do so. For example, the Cl0p ransomware gang associated with the MOVEit breach started to demand ransom for deleting stolen data in less than two weeks after the first security advisory publication. Hacktivists also try to make a big splash and draw attention to their cause as quickly as possible. And when the stolen data is a part of cyber espionage, state actors keep it silent and we rarely see it exposed at all.

The concerning fact is that exposed files contain both personal employee data and internal hierarchy and company structure information. Now that these files are open to other cybercriminals, this knowledge will likely be used for social engineering, phishing attacks, and identity theft. This not only creates risks for the companies or employees directly affected by the leak but also causes ripple effects for their counterparts, partners, and clients."