Landal Greenparks: MOVEit Breach Exposes Data

Estimated read time 2 min read

Landal Greenparks, a prominent holiday park operator, has recently alerted twelve thousand guests about a potential data breach. Criminals successfully gained unauthorized access to the company’s MOVEit Transfer system, which is used for data exchange, according to a spokesperson for Landal Greenparks. In an email to affected guests, Landal Greenparks disclosed that the attack may have compromised personal information, including names, birth dates, genders, addresses, and email addresses.

MOVEit Transfer is a file exchange application widely used by various organizations for sharing sensitive information internally.

Exploiting a SQL Injection vulnerability, attackers were able to gain unauthorized access to the MOVEit server database, stealing confidential data. Furthermore, the attackers deployed a webshell to maintain access to the compromised system. Exploitation of this vulnerability had already occurred before a patch became available.

On May 31st, developer Progress Software released a security update, advising customers to check their systems for signs of unauthorized access for at least the past thirty days. Due to the severity of the breach, authorities in the United States, Germany, and the Netherlands issued warnings.

Microsoft has attributed the attacks against MOVEit servers to the cybercriminals behind the Clop ransomware. The U.S. government has also issued a warning about potential misuse of this vulnerability by the ransomware group.

This incident serves as a stark reminder of the critical importance of robust cybersecurity measures. Organizations utilizing the MOVEit Transfer system must promptly apply the security update and thoroughly assess their systems for any signs of compromise.

Reza Rafati

Reza Rafati, based in the Netherlands, is the founder of An industry professional providing insightful commentary on infosec, cybercrime, cyberwar, and threat intelligence, Reza dedicates his work to bolster digital defenses and promote cyber awareness.

You May Also Like

More From Author