[UK] MOVEit hack: Clop denies having BBC, BA and Boots data
22 Jun 2023

Hackers from a notorious cybercrime gang have told the BBC they do not have data belonging to a number of big-name organisations thought to be victims of last month’s MOVEit hack, BBC News reports.

The BBC, British Airways and Boots number among the exposed firms that have told their staff that sensitive payroll data was stolen in last month's breach.

However, the suspected hackers Clop have reportedly told the BBC "We don't have that data", raising the possibility that either another unknown hacking gang has the stolen data or that Clop is lying.

UK payroll provider Zellis - breached by hackers to gain access to the BBC, Boots and BA's data - told the BBC it could not comment on the situation as a police investigation was ongoing.

Clop has been posting the company profiles for victims of its hack to pressure them into paying a ransom since June 14. Yet, to date, none of the UK's largest and most well-publicised victims' names has been posted.

Clop has reportedly added the names, websites and company addresses of nearly 50 victims to its darknet website in small batches. The affected organisations include banks, universities, travel firms and software companies from more than a dozen different countries including Belgium, Canada, Germany, Switzerland, the UK and the US.

Some of the companies listed by Clop on their ‘leak site’ have individually confirmed that they have had data stolen. Clop has made threats to publish the stolen data unless victims pay a ransom, likely to be hundreds of thousands of dollars or more in Bitcoin.

It is believed that hundreds of organisations that used the file transfer tool MOVEit have had their data stolen, including eight big UK organisations that were customers of Zellis, itself breached through MOVEit.

In an email exchange with the BBC, the cyber-criminals repeatedly claimed not to have stolen the Zellis data. "We don't have that data and we told Zellis about it. We just don't have it. We are an old group and have never deceived anyone, if we say that we do not have information, then we do not have it," the hackers stated.

When asked for an update, Zellis reportedly referred BBC News to its previous statement, which said: "We can confirm that a small number of our customers have been impacted by this global issue and we are actively working to support them."

Zellis said that as soon as it became aware of the hack it took immediate action and disconnected the computer server on which the MOVEit software was installed. The firm says it has brought in an expert external security team to help it respond to the attack and has notified the relevant UK data authorities.

Many possibilities

Cyber-security experts are said to be puzzled by Clop's claims, which have further complicated an already complex situation.

Threat researcher Brett Callow, from Emsisoft, told the BBC that Clop could be covering up the fact it stole the data as part of a sale deal with another hacking group.

But Clop claimed "we didn't sell anything to other hackers".

Other experts have suggested that there are many possibilities.

"Clop has no real reason to say they don't have the data," SOS Intelligence boss Amir Hadžipasić said.

"If they are telling the truth then it makes me think that some other hackers may have got in and stolen the data before Clop and if Clop don't have the data then this situation is less predictable. The files are going to end up somewhere on the dark web via another hacking group."

The hack was announced on May 31 by Progress Software, the makers of MOVEit.

Cybercriminals had found a way to break into MOVEit and were subsequently able to use their access to get into the databases of potentially hundreds of other companies.

But since the initial MOVEit disclosure, researchers have reportedly found many security issues within the software, making it possible that the data was stolen in a different way by a different group.

On June 16, the US announced a $10m reward for "information linking the Clop gang or any other malicious cyber-actors targeting US critical infrastructure to a foreign government".


Source: BBC News

(Link and quotes via original reporting)
