- Bank of America Clients Hit by Clop-Driven Breach: Over 30,000 Compromised - September 7, 2023
- British Teens Behind Global Cyberattacks - September 7, 2023
- A tour of the Japan’s Defense Networks is a Part of the Chinese Tour - September 7, 2023
In a digital duel that seems straight out of a tech thriller, the renowned audit and consultancy titan, Ernst & Young (EY), has recently confirmed a data breach impacting more than 30,000 Bank of America customers. The breach, revealed on May 31, stemmed from yet another cyberattack targeting the MOVEit Transfer system, a medium for transmitting sensitive files.
While internal systems remained untouched, sensitive client data did not share the same fortune. The notorious Clop hacker collective swiftly claimed the act, boasting about capitalizing on the MOVEit vulnerability – a soft spot that has plagued numerous organizations globally.
The cache of exposed data is extensive: names, addresses, financial credentials, credit/debit card details, social security particulars, and even scanned copies of passports and government IDs. A bold claim from Clop suggests possession of a whopping three terabytes of this data.
Such information paves the way for myriad fraudulent ventures, spanning phishing campaigns to unauthorized credit pursuits and deceitful credit attainment.
EY, in a bid to cushion the blow, announced Bank of America’s plan to offer its beleaguered clients a complimentary two-year subscription to its Identity Theft Protection Service. With a clear note of caution, the letter to the affected clients urged regular scrutiny of their financial statements and credit histories.
The technical crux of this breach? SQL injection – a notorious technique allowing malevolent code insertion that tweaks database operations. The peril doesn’t end there; such vulnerabilities often pave the way for ensuing cyber onslaughts.
The echoing success of Clop might inadvertently inspire other dark-web denizens. The group’s audacious cyber endeavors aren’t limited to Bank of America. Recent headlines spotlighted TD Ameritrade’s 60,000 customers’ data breach, while American Airlines, Honeywell, Warner Bros Discovery, and a slew of other enterprises too, find themselves in Clop’s digital crosshairs.
Considering the group’s staggering average ransom demand exceeding $250,000 and a mere 10% compliance rate, Clop’s illicit earnings potentially run into millions.