The cyberattack against the UK telecoms regulator reportedly jeopardised the personal information of 412 employees, as well as confidential data from various companies that Ofcom regulates
Today, Ofcom has confirmed that it is among an increasing number of companies to fall victim to a ransomware attack by cybercriminal organisation Clop, thought to be based in Russia.
Over the past couple of weeks, numerous companies including the BBC, British Airways, and Boots have announced that they have had sensitive data stolen by the ransomware group, affecting over 100,000 staff in total. In some cases, the data accessed included sensitive payroll.
Now, Ofcom says that it too has fallen victim to this cyberattack, resulting in the personal information of 412 employees being accessed, as well as confidential data belonging to companies being regulated by Ofcom.
Payroll data was not accessed in Ofcom’s case, according to reports.
In the attack on Ofcom, as was the case for the previously announced attacks, the breach relates to vulnerabilities in MOVEit, software being used by organisations to transfer sensitive information.
Researchers reportedly discovered a critical vulnerability on this software back in May, with attempts to exploit this vulnerability reportedly being revealed just a month later. However, it seems these revelations came too late to stop Clop from targeting major companies around the world.
Nonetheless, Ofcom says it has reacted quickly to minimise the impact of the attack, as well as notifying the Information Commissioners Office.
“A limited amount of information about certain companies we regulate – some of it confidential – along with personal data of 412 Ofcom employees, was downloaded during the attack,” said Ofcom in a statement. “The security of commercially confidential and sensitive personal information provided to Ofcom is taken extremely seriously. We took immediate action to prevent further use of the MOVEit service and to implement the recommended security measures. We also swiftly alerted all affected Ofcom-regulated companies, and we continue to offer support and assistance to our colleagues.”
According to reports, Clop is threatening to begin publishing the sensitive data of affected companies later this week if they are not paid a ransom fee. The scale of the ransom has not been made public.
Ransomware attacks such as this have been increasing at a meteoric rate in recent years, fuelled by an influx of new cybercriminal organisations and the expansion of existing operations since the onset of the coronavirus pandemic.
“Cyber extortion activity has reached a new high in the first quarter of 2023 and the recent MOVEit data breach is a stark reminder that threat actors are always on the lookout to wreak havoc. In this case, companies using the MOVEit software became potential targets as it appears that hackers affiliated with the Cl0p group orchestrated a mass attack to find and compromise their servers,” explained Charl Van Der Walt, Head of Security Research at Orange Cyberdefense.
“Accounting for a staggering 36% of all victims in 2022, it is not surprising that large organisations are becoming a preferred target for cyber extortion due to handling thousands of pieces of personal data. Whilst this remains true in the case of the MOVEit breach, medium and small sized organisations are not safe either, as cyber criminals are opportunistic by nature.”
Is the global telecoms industry doing enough to protect their customers’ personal data from ransomware attacks? Join the telecoms community as they discuss the hottest issues in cybersecurity at this year’s Total Telecom Congress live in Amsterdam, the Netherlands
Also in the news:
Final bids for TIM’s fibre network expected tomorrow
Let’s talk about the symbiotic relationship between data centers and submarine cables
Mexico’s high 5G spectrum price could see Telcel the only bidder in latest auction