
Morgan Stanley Faces Data Breach

 

Morgan Stanley has revealed a data breach after attackers hacked into a third-party vendor's Accellion FTA server and stole personal information belonging to its clients. Morgan Stanley is a global financial services corporation that specializes in investment banking, securities, wealth management, and investment management. Corporations, governments, institutions, and individuals from more than 41 countries are among the company's clients. 

In May 2021, Guidehouse, a third-party vendor that offers account maintenance services to Morgan Stanley's StockPlan Connect business, told Morgan Stanley that hackers had accessed its Accellion FTA server and stolen information from Morgan Stanley stock plan participants. An Accellion FTA vulnerability was exploited on the Guidehouse server in January; however, the vendor patched it within five days of the fix becoming available. 

The breach was detected in March, and the impact on Morgan Stanley customers was identified in May, when Guidehouse notified the financial services company of the incident. No evidence was found that the threat actors had disseminated the stolen data online. "There was no data security breach of any Morgan Stanley applications," Morgan Stanley said in data breach notification letters sent to impacted individuals. "The incident involves files which were in Guidehouse’s possession, including encrypted files from Morgan Stanley." 

Although the stolen files were encrypted and stored on the compromised Guidehouse Accellion FTA server, the threat actors also obtained the decryption key as part of the attack, so the encryption did not protect the data. According to the company, the files stolen from Guidehouse's FTA server did not contain any passwords or credentials that threat actors could use to access impacted Morgan Stanley customers' financial accounts. 

"The protection of client data is of the utmost importance and is something we take very seriously," a Morgan Stanley spokesperson said. "We are in close contact with Guidehouse and are taking steps to mitigate potential risks to clients."

While the identity of the attackers was not revealed in Morgan Stanley's data breach notification, a joint statement released in February by Accellion and Mandiant offered more insight into the attacks, directly attributing them to the FIN11 cybercrime group. The Clop ransomware group has also stolen data from many firms by using an Accellion FTA zero-day vulnerability (disclosed in December 2020). According to Accellion, approximately 300 clients used the 20-year-old FTA software, and fewer than 100 of them were hacked.

City of Toronto Hit by a Potential Cyber Breach

 

The City of Toronto reported a possible cyber breach involving a third-party data transfer software supplier on 22nd January 2021. The City took measures to halt all the applications that day, and the City's Chief Information Security Officer promptly began an investigation to assess the types of data potentially breached. 

The City has reported the breach to the Information and Privacy Commissioner of Ontario (IPC) and has contacted everyone whose information may have been compromised. Other jurisdictions and organizations in Ontario and around the world have also recently reported being affected by this type of breach. 

The City of Toronto says that in January there was a "potential cyber breach" of data on its Accellion FTA file transfer servers, and that the data could include individuals' health details. 

City staff later confirmed to IT World Canada that Accellion was involved. The incident occurred on January 22nd. Asked why and how the event had taken until now to be made public, a city spokesperson said that the CISO's office had been investigating and released a report only on the 20th of April. “It takes time to reach any sort of conclusion given the legacy system that was breached, and the extent of investigation required,” the spokesperson said. 

The spokesperson added that the city is still investigating exactly how many people's details were exposed. In addition, the city has not submitted a ransom application, and it is not known whether a ransom demand has been received as a consequence of this breach. 

In its statement, the city said it “took immediate action and shut down access to the software that day, and the city’s chief information security officer immediately launched an investigation to determine the type of data that may have been compromised.” 

Whenever personal health data is affected, the city must notify the IPC. The IPC has been informed because personal health information was potentially accessible. In its efforts to safeguard the privacy and welfare of Toronto residents, the city regularly and effectively stops cyber threats. 

In February, cybersecurity agencies across five countries issued a global warning to organizations that use Accellion FTA for file transfers, after several organizations admitted that vulnerabilities in the product had been exploited at the beginning of this year. Publicly known victims include Shell, the oil supplier; Bombardier, the Canadian jet maker; and the pharmaceutical operation of a US retail chain.