EY Data Breach Exposes 30,000 Bank of America Customers

Ernst & Young (EY), a global accounting and professional services firm, has verified that over 30,000 Bank of America customers were affected by MOVEit Transfer attacks. The data breach exposed sensitive financial information, including account details and credit card numbers. EY has started notifying the impacted individuals and has been providing them with identity theft protection services for two years.

The MOVEit Transfer Attack and Data Exposed

In late June, EY fell prey to the MOVEit Transfer attacks planned by the Cl0p ransomware gang. The attackers exploited a now-patched zero-day vulnerability in the MOVEit Transfer software through a Structured Query Language (SQL) injection attack. This technique allows attackers to insert malicious code, manipulating the behavior of a database. While EY and Bank of America’s internal systems remained unaffected, a significant amount of sensitive data might have been exposed.

The exposed data may include:

  • First and last names
  • Addresses
  • Financial account information
  • Debit or credit card numbers
  • Social Security numbers
  • Government-issued ID numbers

Potential Consequences of the Data Breach

Cybercriminals can potentially utilize stolen information for various fraudulent activities, such as identity theft, phishing attacks, unauthorized purchases, opening new credit accounts, and obtaining loans under false pretenses. Experts warn that even seemingly insignificant pieces of personal information can be pieced together to cause severe damage.

Cl0p’s MOVEit Transfer attacks have impacted more than 620 organizations and over 40 million individuals. EY, Deloitte, PwC, and other major accounting firms were among the victims. Cl0p claims to have stolen three terabytes of EY’s data, which includes a range of information from financial reports to passport scans. Bank of America is offering affected clients a two-year membership in an identity theft protection service to mitigate potential risks.

Ongoing Concerns and Widespread Impact

The extensive and successful nature of the MOVEit Transfer attacks has raised concerns within the cybersecurity community. Given the substantial ransom payouts often involved and the significant number of impacted organizations, Cl0p’s operations might have already generated millions of dollars. The attack showcases the possibility of supply-chain hacks, with a single vulnerability providing access to a multitude of companies, encouraging other criminal groups to attempt similar exploits.

For more news and updates on Cybersecurity, visit The Cybersecurity Club.

Post navigation

Leave a Reply

Your email address will not be published. Required fields are marked *

Microsoft AI Researchers Accidentally Leaked 38 Terabytes of Private Data

Ukrainian Hackers Allegedly Leak Emails of Russian Parliament Deputy Chief

Marina Bay Sands Data Breach Shakes 665,000 Customers

LinkedIn Account Hacks: Widespread Hacks Spark Concern Among Users