Get Permission
Some Accellion data breach victims have subsequently been extorted, with those not paying seeing their data publicly released by the Clop ransomware gang. This is that group s website.
Software company Accellion has released preliminary findings around the security incident that has stung some customers that used its 20-year-old File Transfer Appliance.
The company says that fewer than 100 customers have been attacked as the result of four now-patched vulnerabilities in the FTA, and that fewer than 25 appear to have suffered significant data theft, according to a news release on Monday.
Accellion s CMO, Joel York, tells ISMG that after the attackers found one vulnerability in the FTA in December, they kept looking and found others in January. (see:
Accellion: How Attackers Stole Data and Ransomed Companies bankinfosecurity.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from bankinfosecurity.com Daily Mail and Mail on Sunday newspapers.
Legal Disclaimer
You are responsible for reading, understanding and agreeing to the National Law Review s (NLR’s) and the National Law Forum LLC s Terms of Use and Privacy Policy before using the National Law Review website. The National Law Review is a free to use, no-log in database of legal and business articles. The content and links on www.NatLawReview.com are intended for general information purposes only. Any legal analysis, legislative updates or other content and links should not be construed as legal or professional advice or a substitute for such advice. No attorney-client or confidential relationship is formed by the transmission of information between you and the National Law Review website or any of the law firms, attorneys or other professionals or organizations who include content on the National Law Review website. If you require legal or professional advice, kindly contact an attorney or other suitable professional advisor.
By Ionut Arghire on February 02, 2021
The Office of the Washington State Auditor (SAO) has disclosed a cybersecurity incident in which the personal information of more than 1 million individuals might have been stolen.
At the heart of the incident, SAO says, was Accellion software used for file transfers. Hackers exploited a security flaw in the file sharing service and gained access to restricted files.
Called FTA (File Transfer Application), Accellion’s service in mid-December received a patch for a critical vulnerability impacting less than 50 customers. The fix was sent to all affected organizations.
Despite that, the vulnerable service has been exploited by hackers to breach the systems of other Accellion customers as well, namely the Reserve Bank of New Zealand and the Australian Securities and Investments Commission (ASIC).