HQ/EMEAFind out how we can help your business
Gen Digital, the multinational software company that owns CCleaner, has confirmed that hackers stole personal data from its paying customers after falling victim to the widespread MOVEit hack in May.
The company explained in an email notification to its customers that the breach happened by exploiting a vulnerability within the widely used MOVEit file transfer tool employed by numerous organisations, including CCleaner, to aid the secure transfer of sensitive data across the internet.
The confirmed impacted information includes customer names, contact details, and purchased product details. Gen Digital’s spokesperson admitted that the breach affected the customers’ phone numbers, email addresses, and billing addresses. However, they have yet to specify a specific number of affected individuals despite claiming that the attack compromised 2% of all their users.
On the other hand, Gen Digital did not provide a detailed breakdown of its CCleaner user numbers. Still, it claims to have approximately 65 million paid customers across its cybersecurity portfolio, which includes CCleaner.
CCleaner receives backlash for the delay of disclosure about the breach.
The widespread MOVEit file transfer tools exploit started in May, but CCleaner has only recently notified its users about the hack. This cybercriminal spree is one of the most extensive hacks of the year regarding the number of victims.
This previously unseen vulnerability allowed the Clop ransomware to access sensitive data from thousands of organisations utilising internet-connected systems. Researchers monitoring these mass hacks report that more than 2,500 organisations have confirmed MOVEit-related data breaches since May, potentially impacting at least 66 million individuals.
Interestingly, the ransomware group has yet to include in their dark web leak site the CCleaner, but a previous listing for Norton LifeLock, another brand under Gen Digital, appeared on August 14, with Gen Digital stating that the incident was limited to the personal information of its employees and contractors, with no customer or partner data exposed.
This detail could relate to CCleaner’s latest issue as both companies are under one developmental entity that governs their stored data. This issue has made CCleaner users susceptible to other cybercriminal attacks, such as phishing and scams.
Every one of their users should be more cautious with unsolicited emails since other threat groups could have acquired the stolen information to execute their malicious activities.
