DoJ and DoD email addresses exposed in MOVEit related breach

Hackers from the crime group Cl0p have gained access to email addresses of over 600,000 staff members at both the Department of Justice (DOJ) and Department of Defense (DOD).

The culprits exploited a flaw in the MOVEit file transfer software, utilized by numerous government departments, including the DOJ and DOD. This software, supplied by Westat Inc., was procured by the Office of Personnel Management (OPM) for Federal Employee Viewpoint Surveys administration.

The intrusion allowed unauthorized access to government email addresses, survey links, and internal employee codes. Both the DOJ, responsible for enforcing federal regulations, and the DOD, which includes various defense branches, were major targets. This incident raises alarms about potential leaks of classified data and potential breaches of national security measures.

The OPM's preliminary assessment downplayed the severity of the breach, describing the accessed data as “generally of low sensitivity.” Yet, the full extent of the breach's consequences remains uncertain until a detailed review is undertaken.

The OPM stated that there's “no indication” of any unauthorized individuals accessing the survey links exposed in the breach. The hackers capitalized on a coding vulnerability in the MOVEit service, provided by Progress Software Corp., to gain unauthorized access. The incident underlines the significance of keeping such tools updated and secure.