At a glance.
- The list of MOVEit hack victims continues to grow.
- Nickelodeon says breach contained decades-old data.
- What nonprofits need to know about world privacy protections.
The list of MOVEit hack victims continues to grow.
The mass-hack of MOVEit’s popular file transfer application continues to impact organizations worldwide, and TechCrunch reports that several organizations announced this week that sensitive data were exposed in MOVEit-related breaches. Emsisoft threat analyst Brett Callow says the exploitation of the MOVEit bug has impacted over two hundred organizations, leading to thirty-three breach disclosures and the compromise of the data of over 17.5 million individuals. This week multinational oil and gas giant Shell stated that the exploitation of the MOVEit tool, which was “used by a small number of Shell employees and customers,” led to the exposure of “some personal information relating to employees.” The ransomware group taking credit for the hacks, Cl0p, says they have released data stolen from Shell after the company refused to meet the cybercriminals’ ransom demands (though the links to said data appear to be broken). First Merchants Bank, a US financial holding company, also disclosed this week that a MOVEit breach compromised sensitive customer data including addresses, Social Security numbers, usernames, payee information, and financial account information. Several US learning institutions have also disclosed they were impacted in MOVEit hacks targeting the National Student Clearinghouse and the Teachers Insurance and Annuity Association of America, and Callow believes “it’s possible that the majority of schools in the U.S. will also have been impacted.”
Nickelodeon says breach contained decades-old data.
Nickelodeon has confirmed that data leaked in June does belong to the US family television network, but at least a portion of it appears to be decades old. After rumors surfaced that a data breach targeting the network had occurred in January, images of the allegedly stolen data, reportedly leaked on Discord, began appearing on social media last month. That said, the age of the data indicates the bounty is not likely the product of a recent breach. Nickelodeon told Bleeping Computer they are aware of the leak and are investigating. "The alleged leaked content appears related to production files only, not long-form content or employee or user data, and some of it appears to be decades old," a spokesperson stated. The only question is, was the leaked info “Blue’s Clues” old, or “Double Dare” old?
What nonprofits need to know about world privacy protections.
Recent years have seen global governments passing an ever-evolving slate of privacy rules and protections, and JDSupra offers a primer for nonprofit organizations looking to navigate privacy laws in various regions of the world. In the US, a complicated web of federal and state laws creates a layered regulatory framework. There are sector-specific federal laws like the Health Insurance Portability and Accountability Act and the Gramm–Leach–Bliley Act, which covers financial data. States like California, Virginia, Colorado, and Connecticut have already implemented their own privacy laws, and Texas, Tennessee, Montana, Iowa, and Indiana are anticipated to establish their own legislation next year. As well, Congress is considering several federal-level measures like the Information Transparency and Personal Data Control Act and the SAFE DATA Act. In the EU, the General Data Protection Regulation (GDPR) offers a comprehensive, bloc-wide framework, and despite the fact that the UK is no longer an EU member state, it largely adheres to the GDPR as well. In China, several measures on cybersecurity and data privacy have been passed in recent years, including the China Cybersecurity Law, Data Security Law, and Personal Information Protection Law (PIPL). Any foreign association with a presence in China must adhere to PIPL, and even if there’s no established presence, PIPL applies to most organizations that collect personal data on Chinese citizens.