This is a work in progress. While we strive for accuracy, some breach details may be incomplete or pending verification.

MOVEit Transfer (Supply Chain)

Summary

A critical zero-day vulnerability in the MOVEit file transfer software was exploited by the CL0P ransomware gang. This software was used by hundreds of Australian organizations to transfer sensitive data.

Impact

Because this was a supply-chain attack, the attackers did not hack the companies directly. They intercepted files being transferred by the vendor.

Impacted Organizations

The following entities have been confirmed as affected by this specific vendor breach:

  • Medibank
  • PwC Australia
  • Rio Tinto
  • Service NSW
  • Department of Home Affairs
Verification Source: View original statement