Back in 2023, MOVEit made headlines for all the wrong reasons. A serious security flaw in the managed file transfer tool left businesses – and millions of people – exposed. Now, signs suggest lightning could strike twice.
Cybersecurity researchers have picked up on a worrying pattern. There’s been a big rise in scans targeting MOVEit systems, and they claim that’s often a sign that hackers are preparing to strike.
A repeat performance?
GreyNoise, a trusted threat intelligence firm, has flagged a surge in scanning activity across the internet, all aimed at MOVEit servers. That’s exactly how many attacks begin, with criminals scouring the web for weak spots.
To put it into perspective, most days see fewer than 10 unique IP addresses checking MOVEit systems. But on 27 May, that number jumped to over 100. The next day? 319. Since then, it hasn’t dropped below 200.
These aren’t random pings, either. Over the past three months, more than 600 unique IPs have been linked to this scanning behaviour. Most are based in the US, but activity is also coming from Germany, Japan, Brazil, and the UK.
In short: they think that someone’s looking hard for a new vulnerability.
Why does this matter?
MOVEit is widely used by businesses to transfer sensitive data securely. Think customer records, financial details, internal reports – the sort of information you don’t want falling into the wrong hands.
That’s exactly what happened in 2023. A flaw in the software was quickly exploited by the Cl0p ransomware gang, a Russian-based operation that stole huge amounts of data from government agencies, healthcare providers, tech firms, and more.
The fallout was massive and costly. So when security researchers start waving the red flag again, it pays to listen.
What should businesses do?
If you use MOVEit or similar tools, don’t wait for an official alert. Make sure your software is up to date and keep an eye out for suspicious activity. It’s also worth reviewing your data-sharing processes. Are you transferring more than you need to? Are files encrypted? Who has access?
And if you’re unsure, speak to your IT team or a cybersecurity expert.
Why it’s relevant to consumers too
When companies get hit, it’s often their customers who suffer. If your bank, utility provider or healthcare company uses MOVEit, your personal details could be at risk.
As always, be cautious. Monitor your accounts. Be wary of phishing emails. And if you get a data breach notice, take it seriously.
We’re keeping watch
At Join the Claim, we monitor these developments closely. We help consumers understand if they’ve been affected by data breaches and – where appropriate – connect them with legal support to claim compensation. If another MOVEit breach does unfold, we’ll be ready to help.
In the meantime, if your data was compromised in the original MOVEit cyber attack, you may be entitled to compensation.
