Gen Digital, the parent company of renowned cybersecurity firms like Avast and Norton, has acknowledged that its employees’ personal data has been compromised in another attack by the Cl0p ransomware group.
The company confirmed the cyberattack on June 20 after being prompted for information, disclosing that sensitive details such as employee names, addresses, IDs, and email addresses had been exposed.
As per Gen Digital’s public notice, which further confirmed that it informed all parties that may have been affected, as well as data protection regulators, “We use MOVEit for file transfers and have remediated all of the known vulnerabilities in the system. When we learned of this matter, we acted immediately to protect our environment and investigate the potential impact. We have confirmed that there was no impact to our core IT systems and our services and that no customer or partner data has been exposed.”
The security breach stemmed from a critical SQL injection flaw, identified as CVE-2023-34362, which was initially an undisclosed vulnerability. The Cl0p ransomware gang exploited this zero-day vulnerability as part of an ongoing campaign.
Despite the release of a patch, the attacks continue unabated, with over 100 companies and organizations falling victim to this targeted assault.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: