MOVEit-Linked Data on 760,000 Xerox, Nokia, BofA, Morgan Stanley Employees Leaked Online 

• Hackers published sensitive data belonging to employees of Xerox, Nokia, Bank of America, Morgan Stanley, and more on a dark web forum.
• The leak is apparently connected to Russian-affiliated Clop Ransomware and the Nam3L3ss forum user.
• The latest stolen database adds over 760,000 employee records to the already extensive MOVEit-linked breach.

The personal information of hundreds of thousands of employees from major corporations, including Xerox, Nokia, Koch, Bank of America (BofA), Morgan Stanley, and others, has surfaced online following a massive data breach. 

The accessibility of detailed employee information could facilitate subsequent targeted phishing attacks, identity theft, and other malicious activities. This breach has been attributed to the exploitation of the MOVEit file transfer tool's vulnerabilities, a critical security incident that began in May 2023.  

The entity responsible for this recent leak, operating under the alias "Nam3L3ss," began publishing sensitive employee data on a prominent cybercrime forum on Monday morning. These new revelations come after the same group disclosed data connected to Amazon employees last month.  

The latest database adds over 760,000 employee records to the already extensive MOVEit-linked breach. This dataset reportedly includes names, phone numbers, email addresses, job titles, employee badge numbers, usernames, and job locations.  

Atlas Privacy, a firm specializing in data removal, has confirmed the data's authenticity. Using their breach database service, Atlas Privacy identified the following details within the leaked records involving employees from multiple high-profile organizations listed on the cybercrime forum BreachForums.

Among them are 42,735 Xerox employees, 237,487 Koch Industries employees, 94,253 Nokia employees, 288,297 Bank of America employees, 2,141 Bridgewater Associates employees, 32,861 Morgan Stanley employees, and 62,349 JLL employees.

Zack Ganot, Chief Strategy Officer at Atlas Privacy, stated, "This data is a goldmine for social engineering. Knowing exactly what employee sits on which team, who they report to, what their badge number is, what building they work in, their organizational email, and their phone number – this is some wild stuff for an attacker looking to exploit an organization."   

The ongoing fallout began when the Russian-affiliated Cl0p ransomware group initiated the exploitation of Progress Software's MOVEit file transfer tool in May 2023. This critical security flaw allowed Cl0p to gain unauthorized access to thousands of organizations, exfiltrating massive amounts of sensitive data from millions of individuals globally.

Despite months passing since the initial wave of attacks, this breach appears to continue evolving, with fresh datasets emerging as attackers reportedly unearth additional compromised information linked to the MOVEit vulnerability.