US utility giant says MOVEit hack exposed stolen data

News
By published

Data stolen in May 2023 have now been released online

Data leak
(Image credit: Shutterstock)
  • PLL Electric Utilities confirms data leaked online
  • It was stolen from a third-party vendor during MOVEit hack
  • No banking or payment information was leaked

It has been almost two years since the MOVEit MFT data breach fiasco, but businesses and their customers are still feeling the consequences.

PLL Electric Utilities is the latest to confirm information stolen back in 2023 has now been leaked online, as one of its vendors was exposed through MOVEit.

“The information did not extend beyond basic information such as name, address, phone number, email address and account number,” a company spokesperson said. Banking or credit card information, social security numbers or account passwords were not disclosed, since PPL did not share this data with the compromised vendor in the first place - but the information can still be used in phishing attack, identity theft, social engineering, and more.

Millions of victims

“This issue is completely unrelated to PPL’s systems and critical infrastructure across all our service areas,” the company said.

The 2023 MOVEit data breach was a large-scale cyberattack exploiting a zero-day vulnerability in MOVEit Managed File Transfer, a file transfer software built by Progress Software. It was discovered in late May 2023, when the flaw allowed attackers to execute SQL injection attacks and gain unauthorized access to sensitive data.

Ransomware actors known as Cl0p were the ones exploiting the bug to steal data from organizations worldwide. The attack impacted more than 600 organizations and roughly 40 million individuals, including governments, financial institutions, healthcare providers, and major corporations. Among more notable victims are U.S. federal agencies, British Airways, Shell, and BBC.

The Cl0p ransomware gang is estimated to have extorted between $75 million and $100 million. Despite a low percentage of victims opting to pay, the group secured substantial sums from a select few who met their high ransom demands.

Via The Record

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

Read more
Someone holding a passport with two boarding passes inside it
Top digital loan firm security slip-up puts data of 36 million users at risk
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
59 organizations reportedly victim to breaches caused by Cleo software bug
Lock on Laptop Screen
Clop ransomware lists Cleo cyberattack victims
Lock on Laptop Screen
Data breach at Pennsylvania education union potentially exposes 500,000 victims
A person's fingers type at a keyboard, with a digital security screen with a lock on it overlaid.
Blood donation firm reveals donor personal data stolen in cyberattack
Insurance
Globe Life data breach may have affected 850,000 more patients than previously thought
Latest in Security
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Multiple H3C Magic routers hit by critical severity remote command injection, with no fix in sight
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Lock on Laptop Screen
Medusa ransomware is able to disable anti-malware tools, so be on your guard
An abstract image of digital security.
Fake file converters are stealing info, pushing ransomware, FBI warns
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Coinbase targeted after recent Github attacks
hacker.jpeg
Key trusted Microsoft platform exploited to enable malware, experts warn
Latest in News
girl using laptop hoping for good luck with her fingers crossed
Windows 11 24H2 seems to be a massive fail – so Microsoft apparently working on 25H2 fills me with hope... and fear
ChatGPT Advanced Voice mode on a smartphone.
Talking to ChatGPT just got better, and you don’t need to pay to access the new functionality
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Multiple H3C Magic routers hit by critical severity remote command injection, with no fix in sight
Apple Watch Ultra 2 timer
The Apple Watch is getting a sleep alarm upgrade it probably should have had 10 years ago
Nikon Z5
The Nikon Z5 II could land soon – here's what to expect from Nikon's rumored entry-level full-frame camera
Google Pixel Watch 3
Google Pixel Watches hit with delayed notifications, crashing, and performance issues following Wear OS 5.1 update
More about security
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol

Multiple H3C Magic routers hit by critical severity remote command injection, with no fix in sight
An abstract image of digital security.

Fake file converters are stealing info, pushing ransomware, FBI warns
Grok Image Edits

I tried Grok’s new AI image editing features – they’re fun but won’t replace Photoshop any time soon
See more latest
Most Popular
ChatGPT Advanced Voice mode on a smartphone.
Talking to ChatGPT just got better, and you don’t need to pay to access the new functionality
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Multiple H3C Magic routers hit by critical severity remote command injection, with no fix in sight
Teenager playing on a gaming PC with two monitors
Samsung's OLED monitors are about to get much cheaper - and it's about time
Apple Watch Ultra 2 timer
The Apple Watch is getting a sleep alarm upgrade it probably should have had 10 years ago
Nikon Z5
The Nikon Z5 II could land soon – here's what to expect from Nikon's rumored entry-level full-frame camera
Google Pixel Watch 3
Google Pixel Watches hit with delayed notifications, crashing, and performance issues following Wear OS 5.1 update
Frank Castle pinning Matt Murdock against a locker in Daredevil: Born Again episode 4
What time is Daredevil: Born Again episode 5 going to be released on Disney+?
AMD Ryzen 9950X
I analyzed 25 AMD Zen 4 and Zen 5 CPUs and the Ryzen 9 9900X is the best of them all right now: Here’s why
Ugreen \00d7 Genshin Impact Kinich Collectible Gift Box and exclusive Genshin Impact merchandise.
Ugreen reveals exclusive Genshin Impact collection and they're some of the most eye-catching charging products I've ever used
Zendesk Relate 2025
Zendesk Relate 2025 - everything you need to know as the event unfolds