British
television
watchdog
Ofcom
is
the
latest
victim
of
a
supply
chain
attack
against
document
transfer
service
MOVEit.
The
cyber
attack
against
MOVEit
saw
Russian
ransomware
gang
Clop
exploit
a
critical
zero-day
vulnerability
in
the
company’s
infrastructure.
This
vulnerability
allowed
Clop
to
access
the
networks
of
companies
that
use
MOVEit,
meaning
they
were
able
to
access
and
steal
their
data.
During
the
cyber
attack
against
Ofcom,
confidential
data
on
the
companies
regulated
by
the
organization
as
well
as
the
personal
information
of
412
employees
was
stolen
by
the
Russian
ransomware
gang.
No
Ofcom
systems
were
impacted
by
the
attack.
The
television
watchdog
says
it
takes
the
“security
of
commercially
confidential
and
sensitive
personal
information
provided
to
Ofcom”
extremely
seriously.
Once
the
cyber
attack
was
discovered,
Ofcom
said
it
took
“immediate
action
to
prevent
further
use
of
the
MOVEit
service”,
as
well
as
implementing
appropriate
security
measures
to
prevent
further
breach
of
its
data.
The
organization
also
said
it
“swiftly
alerted”
all
Ofcom-regulated
companies
affected
by
the
attack,
as
well
as
offering
support
to
employees
impacted
by
the
data
breach.
Ofcom
is
the
latest
in
a
range
of
companies
impacted
by
the
MOVEit
data
breach.
Others
affected
include
Health
Service
Ireland
(HSE)
and
Zellis,
a
payroll
provider
for
companies
including
health
and
beauty
retailer
Boots
and
the
British
Broadcasting
Company.
Following
the
cyber
attack
on
Zellis
on
June
5,
Clop
made
a
post
via
the
dark
web
that
urged
all
those
affected
by
the
breach
to
contact
the
gang
by
June
14
or
their
private
information
will
be
posted
online.
Only
employees
who
work
for
local
or
national
government
or
the
police
services
may
be
safe
from
this
threat,
with
Clop
telling
these
employees
to
“not
worry”.
They
continued,
saying
“we
erased
your
data
you
do
not
need
to
contact
us.
We
have
no
interest
to
expose
[sic]
such
information”.
The
legitimacy
of
this
statement
has
been
called
into
question,
however.
About Author
