List of victimized companies of MOVEit Cyber Attack


At the end of May 2023, a Zero Day vulnerability was discovered by risk analysing firm Kroll and on June 7th of this year, Clop ransomware gang published on its blog that they have gained access to the servers of MOVEit software via Zellis Payroll software and urged the victims to contact via the blog post, as their email response could go at snail pace as the number of victims related to the incident was large.

Going forward, let us list out the victims who have been impacted by the attack after the hack-ers gained control of Moveit file transfer software worldwide, a business unit of Progress Software. And more to be added to the list after confirmation.

  1. The US Department of Energy,
  2. Shell company,
  3. First National Bankers Bank
  4. Putnam Investments
  5. Datasite
  6. Swizz Insurance company ‘OKK’
  7. Leggett & Platt
  8. Multinational firm PricewaterhouseCoppers(Pwc)
  9. Ernst & Young
  10. Health Services Ireland
  11. BBC
  12. British Airways
  13. Boots Retail
  14. Medibank
  15. Rochester Hospital
  16. GreenShield Canada
  17. Datasite
  18. National Student Clearinghouse
  19. United Healthcare Student Resources
  20. University System of Georgia
  21. German brand Heidelberg
  22. Aer Lingus
  23. Government of Nova Scatia
  24. Johns Hopkins University
  25. Ofcom Britain
  26. Transport for London (TfL)
  27. Ernst and Young
  28. Gen Digital, the parent company of Avast, Norton, AVG, Avira and LifeLock
  29. New York City Department of Education attack impacted about 45k students
  30. Siemens Energy
  31. Schneider Electric
  33. Dublin Airport staff info leak,
  34. Allegiant Air
  35. American Airlines
  36. Irelands commission of Communications Regulation
  37. Estee Lauder
  38. Sierra Wireless
  39. Bluefin Payment System
  40. TJX Companies
  41. Ventiv Technology
  42. Vitality Group International
  43. University of Alaska
  44. University of Colorado
  45. University of Dayton
  46. University of Delaware
  47. University of Idaho
  48. University of Illinois
  49. University of Loyola
  50. University of Missouri
  51. University of Oklahoma
  52. University of Rochester
  53. University of Southern Illinois
  54. University of Utah
  55. University of Wake Forest
  56. University of Washington State
  57. Webster University
  58. PBI Research Service
  59. Teachers Insurance and Annuity Association
  60. Honeywell
  61. American Multi Cinema Inc aka AMC Theatres
  62. Warner Bros
  63. Discovery
  64. Raddison Americas
  65. Crowe
  66. ING Bank
  67. Deutsche Bank
  68. Postbank
  69. Maximus
  70. Serco Inc
  71. Aristocrat
  72. Data Media Associates aka DMA
  73. Clorox ( yet to be confirmed officially),
  74. Colorado Department of Health Care Policy & Financing(HCPF).
  75. UMass Chan Medical School of Massachusetts health.
  76. Government of Nova Scotia, Canada
  77. Pole Emploi, France

NOTE- Microsoft has confirmed the presence of Clop ransomware suspects, linked to Russian intelligence behind the incident and reaffirmed that health organizations and financial institutions could be the next target of the notorious file encrypting malware spreading gang that is into double extortion. And in the latest MoveIt software attack, the gang is suspected to have raked around $100m as ransom from its long list of victims.

Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display