Aon data breach: MOVEit data hack exposes major corporations

With the MOVEit hack happening in June 2023, more companies continue to confirm that their data has been left compromised as a result of leaks

In the wake of Aon being embroiled in the MOVEit data hack, masses of data from notable organisations has been compromised.

Aon has been a victim of a third-party data breach through the file-transfer platform MOVEit with information from around 100 of its clients being published online. Clients affected include Dublin Airport, British Airways and Siemens Energy, to name a few.

This information comes in the wake of IT Governance confirming in May 2023 that more than 98 million records were compromised by cyber attacks worldwide - a 97% increase against May 2022 and a 2,156% increase from April 2023.

Compromised data as a result of global hacks

Dublin Airport confirmed that it was impacted by the breach, with a spokesperson telling The Times: “DAA can confirm that as a result of a recent cyber-attack on Aon, a third-party professional service provider, data relating to some employees' pay and benefits was compromised.”

Some financial information linked to Dublin Airport staff has been compromised by the cyberattack on provider company Aon. Whilst the airport has publicly attributed the cyberattack to Aon, the company itself has not issued a public statement at the time that this article is published.

The MOVEit hack has targeted a wide range of entities, including US government agencies, the UKs telecom regulator Ofcom, Shell Oil, and the University of California, Los Angeles, all of which have publicly confirmed data breaches.

Even energy technology company Siemens Energy acknowledged it had fallen victim to the vulnerability. In addition, French engineering company Schneider Electric has said that it was investigating its systems for any signs of the attack, following claims that its systems had been breached by those behind the hacks.

Corporations and federal agencies continue to be targeted

Cl0p, a ransomware group that has been linked to Russia, has since claimed responsibility for the hack. It has been exploiting a security flaw in MOVEit Transfer, a tool used by businesses to transfer files.

The US Cybersecurity and Infrastructure Security Agency (CISA) said last month that multiple US federal agencies were also being targeted, further confirming that this is a huge cyberattack on global data.

This type of hack on global businesses speaks to wider concerns about increased cyber threats and the warfare on online security systems. 

Another example from 2023 is that approximately 90 organisations disclosed breaches of personal information following a cyber-attack on Capita, a prominent outsourcing group. The incident, much like the MOVEit hack, highlights a critical need for organisations to bolster cybersecurity measures worldwide. 

Ultimately, this type of widespread data breach has far-reaching consequences that impact both the targeted organisation and the individuals whose personal information is exposed.


Featured Articles

UK police cyberattack a reminder of third party risk

Cyber criminals use back-door suppliers cyberattack to spread alarm through Britain's biggest police force

Building Cyber Resilience into ‘OT in Manufacturing’ webinar

Join Acronis' webinar, Building Cyber Resilience into ‘OT in Manufacturing’, 21st September 2023

Trustwave report on hospitality industry security threats

Nearly 31% of hospitality organisations have reported a data breach in their company’s history, according to a Trustwave cybersecurity report

Barracuda Managed XDR uses AI to uncover cyber incidents

Technology & AI

Imperva: 32% of work data breaches could have been avoided

Operational Security

Supply chain cyberattacks seen as catastrophic for business

Cyber Security