Data on 760K workers from Xerox, Nokia, BofA, Morgan Stanley and more dumped online

Hundreds of thousands of employees from major corporations including Xerox, Nokia, Koch, Bank of America, Morgan Stanley and others appear to be the latest victims in a massive data breach linked to last year's attacks on file transfer tool MOVEit.

On Monday morning, an entity that uses the handle "Nam3L3ss" began leaking what they claimed to be personal data belonging to from the abovementioned corporations, plus workers at other firms affected by the MOVEit vulnerability.

The Russia-linked Cl0p ransomware crew began abusing this critical security hole in Progress Software's MOVEit product suite in May 2023. Thousands of organizations' and millions of individuals' data was accessed.

MOVEit appears to be the gift that keeps giving, as last month Nam3L3ss began dumping files – including those belonging to Amazon employees – on the cyber crime forum.

This week, the miscreant(s) added several other big names to the MOVEit victims list. The newly leaked data appears to be authentic, according to Zack Ganot, chief strategy officer at personal-data-removal deletion outfit Atlas Privacy.

• Amazon confirms employee data exposed in leak linked to MOVEit vulnerability
• One year on, universities org admits MOVEit attack hit data of 800K people
• US government hit by Russia's Clop in MOVEit mass attack
• The only thing worse than being fired is scammers fooling you into thinking you're fired

Atlas Privacy operates databreach.com – which allows people to check if their info has been exposed in a breach, and then helps them remove their data from the internet. The service's initial analysis of the data Nam3L3ss disclosed is that it exposes hundreds of thousands of employees' names, phone numbers, email addresses, job addresses, employee badges, job titles, and usernames.

This includes more than 760,000 employee details belonging to workers from Xerox (42,735), Koch (237,487), Nokia (94,253), Bank of America (288,297), Bridgewater (2,141), Morgan Stanley (32,861), and JLL (62,349). All six firms were listed on BreachForums on Monday. None responded to The Register's requests for comment. We will update this story if and when we hear back from them.

"This data is a goldmine for social engineering," Ganot told The Register. "Knowing exactly what employee sits on which team, who they report to, what their badge number is, what building they work in, their organizational email and phone number – this is some wild stuff for an attacker looking to exploit an org." ®