Andrew Moore, Genevieve Stark, Isif Ibrahima, Van Ta of FireEye write: Starting in mid-December 2020, malicious actors that Mandiant tracks as UNC2546 exploited multiple zero-day vulnerabilities in Accellion’s legacy File Transfer Appliance (FTA) to install a newly discovered web shell named DEWMODE. The motivation of UNC2546 was not immediately apparent, but starting in late January 2021, several organizations…
Search Results for: accellion
Kroger reports Accellion data breach affecting pharmacy records, associate HR data
Updated March 9: This incident subsequently appeared on HHS’s public breach tool as having been reported to HHS on February 19 and impacting 368,100 patients. Brian Planalp reports: Kroger is informing some customers and associates that a third-party software company it uses for data services recently suffered a data breach. Kroger’s own IT systems were not…
Accellion’s data breach left clients in tough position: pay extortion to criminals, or have their data dumped (with updates)
A breach involving Accellion‘s older file transfer application has left a number of its customers in the unenviable position of not only having a data breach to deal with, but with the added threat that their data and their clients’ data will be dumped by threat actors if they do not pay extortion demands. At…
Singtel hit by Accellion security breach, customer data may be leaked
Eileen Yu reports: Singtel says it is investigating the impact of a cybersecurity breach that may have compromised customer data, after it ascertained on February 9 that “files were taken”. The attack had affected a file-sharing system developed two decades ago by a third-party vendor Accellion, which the Singapore telco had used internally and with…
University of Colorado responds to Accellion breach
California-based Accellion has already released statements about a breach they experienced. And they have already been hit with at least one lawsuit over the breach. But we are still first learning about how some of their clients were impacted. Today we learned that the University of Colorado is investigating whether there was any personal, confidential,…
RBNZ says partner Accellion kept it in the dark about data breach
Chris Keall reports: The Reserve Bank was kept in the dark for a crucial five days about a December data breach, Governor Adrian Orr says – contradicting its technology partner’s version of events. The incident – which saw sensitive data stolen – involved a file-sharing service run by US company Accellion. Read more on NZ…