Landal Greenparks, a prominent holiday park operator, has recently alerted twelve thousand guests about a potential data breach. Criminals successfully gained unauthorized access to the company’s MOVEit Transfer system, which is used for data exchange, according to a spokesperson for Landal Greenparks. In an email to affected guests, Landal Greenparks disclosed that the attack may have compromised personal information, including names, birth dates, genders, addresses, and email addresses.
MOVEit Transfer is a file exchange application widely used by various organizations for sharing sensitive information internally.
Exploiting a SQL Injection vulnerability, attackers were able to gain unauthorized access to the MOVEit server database, stealing confidential data. Furthermore, the attackers deployed a webshell to maintain access to the compromised system. Exploitation of this vulnerability had already occurred before a patch became available.
On May 31st, developer Progress Software released a security update, advising customers to check their systems for signs of unauthorized access for at least the past thirty days. Due to the severity of the breach, authorities in the United States, Germany, and the Netherlands issued warnings.
Microsoft has attributed the attacks against MOVEit servers to the cybercriminals behind the Clop ransomware. The U.S. government has also issued a warning about potential misuse of this vulnerability by the ransomware group.
This incident serves as a stark reminder of the critical importance of robust cybersecurity measures. Organizations utilizing the MOVEit Transfer system must promptly apply the security update and thoroughly assess their systems for any signs of compromise.
