Embattled consulting firm PwC swept up in global cyber breach of file service MOVEit by cybercrime group C10p | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware

“We have reached out to the small number of clients whose files were impacted to discuss the incident,” the spokesman said.

A spokeswoman for EY said it learnt of the breach on May 31, when an American firm called Progress that makes MOVEit confirmed the vulnerability in its software. “We immediately launched an investigation into our use of the tool and took urgent steps to safeguard any data,” the spokeswoman said.

The Russia-linked extortion group Cl0p claimed responsibility for the hack, which affected an array of companies and institutions globally including British Airways, the US Department of Energy, energy giant Shell and Johns Hopkins University.

The PwC spokesman said the firm’s investigation had shown its own IT networks had not been compromised. “Data security is a key priority for PwC and we continue to put the right resources and safeguards in place to protect our network,” he said.

PwC bills itself as a safe pair of hands to assist other companies at risk of being hacked, spruiking its “community of solvers” who can help prevent or address breaches in five different areas.

The EY spokeswoman said the vast majority of its systems that use the transfer service were not compromised but the firm was manually investigating where data may have been accessed. “Our priority is to first communicate to those impacted, as well as the relevant authorities,” she said. “Our investigation is ongoing.”

Progress has said it patched the vulnerability within 48 hours, aided clients and drafted in some of the world’s top cybersecurity firms to assist in the response.

More to come.


Click Here For The Original Source.

National Cyber Security