Cyber Incident Victim: Munich Re

The Clop ransomware gang exploited a remote code execution vulnerability (CVE-2023-0669) in Fortra's GoAnywhere MFT secure file transfer tool, initiating a widespread hacking campaign that impacted numerous organizations by March 2023. Fortra had previously notified customers that attackers abused this zero-day flaw in systems with exposed administrative consoles. Clop claimed responsibility for breaching over 130 organizations within ten days starting in February 2023, with victim organizations continuing to emerge through March. Among those affected were the City of Toronto, UK-based Virgin Red, and the Pension Protection Fund (PPF). The City of Toronto confirmed on March 20, 2023, that it had detected unauthorized access to its data through a third-party vendor's compromised GoAnywhere instance. Initial investigations indicated the breach was limited to files that could not be processed through the vendor's secure transfer system, though the city had not yet confirmed whether resident data was compromised.

The breach allowed Clop to access Virgin Red's files via the same GoAnywhere vulnerability, though Virgin confirmed no customer or employee personal data was exposed. The PPF disclosed that current and former employee data was compromised, prompting direct notifications to affected individuals and offers of monitoring services. PPF ceased using GoAnywhere following the incident and collaborated with Fortra, security partners, and law enforcement during its investigation. Other organizations including Hitachi Energy, Saks Fifth Avenue, and cybersecurity firm Rubrik also confirmed breaches stemming from the same zero-day exploit. Toronto emphasized its commitment to data protection and ongoing efforts to assess the scope of compromised information, pledging to notify residents if personal data was affected. The incident underscored operational disruptions and data exposure risks linked to third-party vendor vulnerabilities.