Aon hit by Russian MOVEit data hack

Insurance Post can reveal that Aon has been caught up in the MOVEit data hack, which has embroiled a number of major corporations.

The Russia-linked ransomware group Clop has been exploiting a security flaw in MOVEit Transfer, a tool used by businesses in various industries to transfer files.

Progress Software, the developer of the MOVEit software, has patched the vulnerability, but hackers exploited it first and compromised a number of its customers.

It had looked like UK operational insurance businesses had managed to swerve the attack, but Post can now confirm global broker Aon has been caught up in it.

A spokesperson for Aon confirmed the hack to Post, and said the broker had shut off access to MOVEit.

The spokesperson said: “Progress Software, a third-party software provider Aon uses for managed file transfers, notified Aon that the company had identified a previously unknown vulnerability in its software, known as MOVEit Transfer.

“Upon notification, Aon shut off access to MOVEit, initiated its incident response procedures and enabled the patches, restoring MOVEit services for Aon colleagues and clients.”

Aon has opened an investigation into the incident, as it has determined that a number of clients have had details downloaded by an unauthorised party.

The spokesperson continued: “Our investigation, supported by leading third-party advisers, remains ongoing.

“While we are still working to associate specific data elements with Aon clients, we have determined that certain files related to a select number of our clients that were processed in the MOVEit Transfer application were downloaded by an unauthorised party.

“This download occurred before Progress Software disclosed the vulnerability publicly. We are in the process of notifying impacted clients.”

Until Aon completes its investigation, it is unclear how much data has been compromised.

It is also unclear if any other insurance firms have been affected, although it is reported that a printing firm used by several insurance entities, including Aon, was also hit by the attack.

Andrew Martin, CEO and founder of DynaRisk, said the MOVEit vulnerability caught dozens of organisations off guard.

Martin said: "Smaller organisations need to up their game to defend against cyber attacks while large companies like Aon need to do more to reduce their attack surface, implement layered security controls and monitor their supply chain.

"DynaRisk analysed 47 companies affected by this attack and found 30 of 47 were rated higher risk than peers. These companies could certainly have done more to improve their security to reduce the likelihood and severity of a breach such as this.

"While this first wave of ransoms has been significant, it is only a matter of time before more ransomware groups begin leveraging this issue and widen the scope of companies that will be compromised."
