In May 2023, a global cyberattack hit American IT vendor Progress Software, exploiting vulnerabilities in its sensitive data transfer software, MoveIT. This attack compromised the information of 7.9 million employees across 27 multinationals, including giants such as Amazon, HSBC, and Lenovo, as well as two major Swiss companies: UBS and DSM-Firmenich.
In all, the data of 33,710 Swiss employees has been compromised and is now circulating on the Dark Web.
- DSM-Firmenich has confirmed that 13,248 employee files have been impacted, including non-sensitive information such as names and former e-mail addresses. The company insists that no customer data was exposed and that it has stepped up its vigilance.
- UBS, for its part, saw the data of 20,462 employees leaked but declined to comment on the incident.
For Steven Meyer, Co-CEO and Co-Founder of ZENDATA Cybersecurity, this incident highlights the long-term impact of data leaks, even old ones. Data leaked today, even when considered non-sensitive, can be retained for years and gradually exploited for phishing campaigns, targeted attacks, or identity theft. For example, by combining data such as an employee’s name, e-mail address, or job title, it becomes possible to create highly personalized misleading messages and thus perfectly target a company.
ZENDATA Cybersecurity recommends that Swiss companies carry out both a Security Audit and a Pentest. Both help to identify and correct vulnerabilities, while strengthening corporate resilience to cyber threats.
Read the full article here.
