The University of California is warning its students and staff that a ransomware group might have stolen and published their personal data and that of , government agencies and companies nationwide.

read more

The FIN11 hacking group has published on their leaks website files that were allegedly stolen from oil and gas giant Shell, likely during a cyber-security incident involving Accellion’s File Transfer Appliance (FTA) file sharing service.

Last week, Shell revealed that it was one of the organizations affected by the Accellion cyber-attack, confirming that attackers were able to steal both corporate data and personal information pertaining to its employees.

Some of these files -- including passport copies, an evaluation report and a document written in Hungarian -- are now public on a Tor-based website where hackers who conduct Clop ransomware attacks leak stolen information.

At the time of the attack on Accellion’s FTA, the soon-to-be-retired service had roughly 300 customers, with up to 25 of them believed to have suffered significant data compromise. The impacted organizations include Qualys, Kroger, Jones Day, Bombardier, and the Office of the Washington State Auditor (SAO).

Data stolen from some of these organizations ended up on FIN11’s leaks website on the Tor network, alongside files supposedly stolen from multiple educational institutions, such as University of Miami, Yeshiva University, University of Maryland, University of California, University of Colorado, and Stanford University.

In a breach notification published on March 26, the University of Miami confirmed impact from the Accellion incident, claiming that the file sharing service “had been used by a small number of individuals at UM to transfer files too large for email,” and that the use of the service has been discontinued.

The FIN11 hackers published on their leak website data pertaining to patients of the University of Miami Health System, UHealth. The leaked information includes names, phone numbers, and email addresses, alongside other data.

“We understand that the Accellion security incident affected multiple federal, state, local, tribal, and territorial government organizations, as well as private industry organizations and businesses including those in the medical, legal, telecommunications, finance, higher education, retail, and energy sectors,” the university said in its breach notification.

Related: Attacks Targeting Accellion Product Linked to FIN11 Cybercrime Group

Related: Enterprise Solutions Provider 'Software AG' Hit by Clop Ransomware

Tweet

Ionut Arghire is an international correspondent for SecurityWeek.

Previous Columns by Ionut Arghire:

China-Linked 'Cycldek' Hackers Target Vietnamese Government, Military

CISA, FBI Warn of Attacks Targeting Fortinet FortiOS

VMware Patches Critical Flaw in Carbon Black Cloud Workload

Financial Sector Remains Most Targeted by Threat Actors: IBM

DHS Gives Federal Agencies 5 Days to Identify Vulnerable MS Exchange Servers

2021 CISO Forum: September 21-22 - A Virtual Event

2021 Singapore/APAC ICS Cyber Security Conference [Virtual: June 22-24]

2021 ICS Cyber Security Conference | USA [Hybrid: Oct. 25-28]

Virtual Event Series - Security Summit Online Events by SecurityWeek

sponsored links

Tags:

• NEWS & INDUSTRY
• Cybercrime