CCleaner reports MOVEit related data breach

Gen Digital, the software company that owns brands such as CCleaner, Avast, NortonLifeLock, and Avira, has reported that a data breach in May resulted in hackers accessing a significant amount of personal data from its paid CCleaner customers.

This breach was communicated to customers via email, detailing that the cybercriminals leveraged a flaw in the MOVEit file transfer tool – a platform utilized by numerous organizations, including CCleaner, to transfer large volumes of sensitive information online.

The information compromised during the breach includes:

• customer names,
• contact details,
• phone numbers,
• email addresses,
• billing details
• details about purchased products.

Gen Digital's reports that the breach affected less than 2% of the user base, but did not specify the exact number of users impacted. Although Gen Digital doesn't specify the number of CCleaner's paid users, it does mention having approximately 65 million paid users across its entire cybersecurity product range, which incorporates CCleaner.

It's unknown why CCleaner waited several months before informing its affected customers about the breach. As of now, CCleaner has not been mentioned on Clop's dark web leak site, a platform used by ransomware groups to threaten companies by exposing stolen data if the demanded ransom isn't paid. Another brand under Gen Digital, NortonLifeLock, was listed on this site on August 14.