PwC Australia claims "small" number of clients affected by MOVEit data hack

PwC Australia claims "small" number of clients affected by MOVEit data hack

Photo: Nahel Abdul Hadi, via Unsplash

PricewaterhouseCoopers (PwC) Australia has been dragged into a global data hack after the Russian ransomware gang Cl0p took advantage of vulnerabilities in a managed file transfer software program, but the advisory firm clarifies there has only been a limited impact on clients.

Hundreds of organisations are caught up in the cyber breach of MOVEIt Transfer, including the US Department of Energy, oil and gas giant Shell, Johns Hopkins University, British Airways, and the BBC, as well as various state and provincial government departments in the US and Canada.

The owner of MOVEIt, Progressive Software, issued a notice on June 15 noting a critical vulnerability it had encountered could lead to "escalated privileges and potential unauthorised access to the environment".

Progressive Software noted that earlier versions of the software could give rise to vulnerabilities in the MOVEIt web application to what is known as an SQL injection, whereby malicious code is injected into an application.

"An attacker could submit a crafted payload to a MOVEit Transfer application endpoint which could result in modification and disclosure of MOVEit database content," Progressive Software wrote in the notice.

A PwC spokesperson told Business News Australia the firm uses the software with a limited number of client engagements.

"As soon as we learned of this incident we stopped using the platform and started our own investigation," the spokesperson said.

"Our investigation has shown that PwC’s own IT network has not been compromised and that MOVEit’s vulnerability had a limited impact on PwC.  We have reached out to the small number of clients whose files were impacted to discuss the incident.

"Data security is a key priority for PwC and we continue to put the right resources and safeguards in place to protect our network."

Enjoyed this article?

Don't miss out on the knowledge and insights to be gained from our daily news and features.

Subscribe today to unlock unlimited access to in-depth business coverage, expert analysis, and exclusive content across all devices.

Support independent journalism and stay informed with stories that matter to you.

Subscribe now and get 50% off your first year!

Four time-saving tips for automating your investment portfolio
Partner Content
In today's fast-paced investment landscape, time is a valuable commodity. Fortunately, w...
Etoro
Advertisement

Related Stories

Cash transporter Armaguard receives $50m lifeline to stay afloat

Cash transporter Armaguard receives $50m lifeline to stay afloat

As cash processing, storage and transport company Armaguard struggl...

Icon-Elanor JV plans $90m logistics estate in Melbourne's northern suburbs

Icon-Elanor JV plans $90m logistics estate in Melbourne's northern suburbs

Icon Developments has exchanged contracts to acquire a strateg...

Cettire loses $411m in value as shares plummet 48pc

Cettire loses $411m in value as shares plummet 48pc

All of the extraordinary share price gains made by Melbourne-based ...

Fines of $10 million will force supermarkets to rethink exploiting suppliers, but more could be done

Fines of $10 million will force supermarkets to rethink exploiting suppliers, but more could be done

Suppliers of food and other products have been complaining for year...