Welcome to our

Cyber Security News Aggregator

.

Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.

Accellion Agrees to Pay $8.1 M in Data Breach Lawsuit Settlement

published on 2022-01-19 11:14:51 UTC by CISOMAG
Content:

Accellion, a provider of hosted file transfer services, recently agreed to pay $8.1 million to settle a class-action lawsuit related to a data breach in December 2020. The lawsuit, filed in a California Federal Court, claims that Accellion failed to protect the sensitive information of millions of users after threat actors exploited a vulnerability in Accellion’s file transfer appliance (FTA).

Based in California, Accellion is a private cloud solutions company providing software for third-party secure file transfers. The data breach occurred due to a bug in Accellion’s file-sharing software, used by several organizations globally.

The data breach affected many Accellion clients. It impacted millions of users’ sensitive data such as names, birthdates, Social Security numbers, banking details, medical and drivers’ license information. The lawsuit stated that Accellion failed to identify vulnerabilities in its FTA platform and implement necessary data security measures to secure client and user classified information.

One Bug – Multiple Attacks

Accellion detected a zero-day vulnerability in its FTA platform in December 2020 and released a patch to fix it. However, in February 2021, the company found four additional flaws in the platform. Several cybercriminal groups started exploiting the flaws to steal sensitive corporate data.

Accellion also issued a statement regarding the constant attacks that exploited its legacy FTA product. The company claimed that cybercriminal group UNC2546 is likely behind the hacks and data breaches. The threat group sent several extortion emails to the victims threatening to publish their sensitive data on their CL0P LEAKS site on the dark web.

Also Read: Bug in Accellion’s Software Exposes Data of 1.4 Mn Washington State Residents

The Bandwagon of Accellion Data Breaches

The ripples of Accellion’s flaw resulted in several data breach incidents, impacting the numerous companies that use Accellion file transfer services. Threat actors attacked several organizations globally by exploiting the Accellion vulnerability.  Critical organizations like the Office of the Washington State Auditor (SAO), the Australian Securities and Investment Commission (ASIC), and New Zealand’s Reserve Bank suffered security breaches.

A recent victim of Accellion hacks is Morgan Stanley. The global financial services provider reported a data breach after unknown hackers pilfered private data of its customers by exploiting the bug in Accellion’s FTA server hosted by a third-party vendor.

The post Accellion Agrees to Pay $8.1 M in Data Breach Lawsuit Settlement appeared first on CISO MAG | Cyber Security Magazine.

Article: Accellion Agrees to Pay $8.1 M in Data Breach Lawsuit Settlement - published almost 3 years ago.

https://cisomag.eccouncil.org/accellion-agrees-to-pay-8-1-m-in-data-breach-lawsuit-settlement/   
Published: 2022 01 19 11:14:51
Received: 2022 01 19 11:26:54
Feed: Ciso Mag - All
Source: CISO Mag
Category: Cyber Security
Topic: Cyber Security
Views: 0

Custom HTML Block

Click to Open Code Editor