There are known security gaps in the data exchange software MOVEit Transfer from the manufacturer Progress. Attackers have misused the vulnerabilities of the price comparison portal Verivox in order, among other things, to copy sensitive personal data from users.
Verivox provides information about the cyber incident with an entry on the company website. On May 31, Verivox was informed about the critical vulnerability in MOVEit Transfer and immediately took the MOVEit environment offline. A subsequent forensic investigation came to the conclusion that prior to the shutdown, unauthorized data had been stolen using the security gap.
Verivox: Personal user data leaked
The company goes on to say that personal data from users is also among the copied data. “What we know at this point is that personal data containing an e-mail address was primarily affected (name, address, e-mail address). In certain cases, bank details were also affected (name, address, e-mail address, IBAN)”, explains Verivox in the customer information.
The company continues: “We immediately informed the authorities about the loss of data and a comprehensive forensic examination of the incident and the stolen data is currently being carried out with the help of external specialists. We completely reinstalled the affected server without the file transfer software MOVEit Transfer and our tightened security measures”.
For further measures, Verivox relies on BSI recommendations, for example to check whether the data has appeared publicly in the event of a data leak. The company refers to the Identity Leak Checker from the Hasso Plattner Institute and the Have I Been Pwned project. However, it is unlikely that data that cyber criminals have copied from Verivox will already appear there. The masterminds would thus gamble away their blackmail bases.
Furthermore, Verivox recommends keeping an eye on account movements and credit card statements and informing your own bank about the incident. In the event of suspicious activity, those affected should contact their bank immediately. Verivox has set up an e-mail address [email protected] for queries. It is currently unclear whether affected customers will be informed individually or whether the notice on the website should be sufficient.
Most recently, Progress patched a third critical vulnerability in MOVEit Transfer with updates within just a few days, as was announced last weekend. The cybergang Cl0p, which has been experimenting with one of the vulnerabilities for around two years, has apparently been able to copy large numbers of sensitive company data from numerous providers.
At the end of last week, the cybercriminals started naming affected companies on their website in order to increase the pressure on them. Cl0p extorts ransom money in return for allegedly deleting the data after payment.