A widespread cyberattack, attributed to Russian cybercriminals, has affected numerous U.S. federal government agencies, universities, and private sector organizations worldwide. The attackers exploited a vulnerability in MOVEit Transfer, a secure file transfer software, to gain unauthorized access to sensitive data.
Among the confirmed victims are the U.S. Department of Energy, the University System of Georgia, the University of Georgia, Johns Hopkins University and its affiliated health system, Louisiana's Office of Motor Vehicles, Oregon's Department of Transportation, and international entities like the Nova Scotia provincial government, British Airways, and the British Broadcasting Company. Hundreds of other U.S. companies and organizations are also potentially affected.
The University System of Georgia and the University of Georgia are among the institutions impacted by the cyberattack. (University of Georgia)
The Clop ransomware group has claimed responsibility for the attack. They have publicly called on victims to negotiate a ransom to prevent the leak of stolen data. However, cybersecurity experts warn against trusting the group's promises, as they have a history of unreliability.
The Department of Energy responded swiftly to mitigate the impact of the cyberattack. (Getty)
The Department of Energy confirmed that data from two of its entities were compromised and has notified Congress. They are actively collaborating with law enforcement, the Cybersecurity and Infrastructure Security Agency (CISA), and the affected entities to investigate the incident.
The University System of Georgia (USG) stated that they used MOVEit to manage sensitive data and are investigating the extent of the breach. Upon discovering the vulnerability, USG promptly restricted internet access to the software and implemented a patch provided by Progress Software, the software's developer. They are continuously monitoring the situation and assessing the potential data exposure. Impacted individuals will be notified in accordance with legal requirements.
Johns Hopkins University is another victim of the widespread cyberattack. ((Photo by JHU Sheridan Libraries/Gado/Getty Images).)
Johns Hopkins University and Johns Hopkins Health System acknowledged the breach and stated their initial investigation suggests that sensitive personal and financial information, including names, contact details, and health billing records, may have been compromised.
