A UK printing firm that sends mail for clients ranging from major health-insurance providers to multinational banks was a victim of the extensive MOVEit cyberattack.
(Bloomberg) — A UK printing firm that sends mail for clients ranging from major health-insurance providers to multinational banks was a victim of the extensive MOVEit cyberattack.
Adare SEC confirmed to Bloomberg News on Monday that it was hit by the MOVEit hack and that data was stolen. The firm sends digital communications and printed letters and documents to customers of clients including Legal & General Group Plc, Aon Plc and Allianz SE. The company didn’t detail the type of information taken, only saying that the “data relating to a small proportion of our customers has been compromised.”
Adare has arguably the lowest profile of the institutions that have come forward as victims of the attack, carried out by a notorious Russian—speaking hacker group known as Clop. BBC, British Airways and UK media regulator Ofcom are among those that have publicly said they were affected. But the attack on Adare SEC raises questions about exactly how many companies across the world’s information supply chains possess sensitive data about private citizens and how prepared their systems are to handle security breaches.
The hackers exploited a vulnerability in encrypted file-sharing software MOVEit, from Progress Software Corp., to breach institutions’ systems. They posted a notice to the dark web threatening to publish stolen data if companies don’t start ransom negotiations by Wednesday.
Adare said it has contacted customers about the breach and is conducting a forensic investigation into what happened.
Legal & General said it only shared the names and addresses of its customers with Adare SEC and that there are “protections applied to that data to restrict its utility.” The London-based financial services firm said “any risk to our customers is low.”
Aon and Allianz declined to comment.
More stories like this are available on bloomberg.com
©2023 Bloomberg L.P.