Millions of pieces of personal information leaked from government agencies and businesses due to vulnerabilities in a file transfer service



On February 19, 2021, it was reported that attackers had exploited a vulnerability in the file transfer service provided by Accellion and that customer information of the major American supermarket chain 'Kroger' had been leaked. Accellion's service is used by many companies and government agencies in addition to Kroger, so the damage from the data breaches is expected to reach at least the millions.

Accellion Security Incident Impacts Kroger Family of Companies Associates and Limited Number of Customers
https://www.prnewswire.com/news-releases/accellion-security-incident-impacts-kroger-family-of-companies-associates-and-limited-number-of-customers-301231891.html

Kroger data breach exposes pharmacy and employee data
https://www.bleepingcomputer.com/news/security/kroger-data-breach-exposes-pharmacy-and-employee-data/

Kroger is latest victim of third-party software data breach
https://apnews.com/article/software-c4815b9f0c0092071bad97d9f6842fe6

According to a statement released by Kroger, the company was notified by Accellion of the information leak on January 23, 2021, and immediately stopped using Accellion's service. Kroger said that less than 1% of its customers were affected by this hack and that, at the time of the announcement, it had not confirmed any impact on credit card information or online shop account information. It will notify all customers who may have been affected and provide a free security notification service.

Accellion's file transfer service is estimated to be used by more than 3000 customers worldwide. Following Kroger, the Washington State audit office, which uses the same service, announced in February 2021 that personal information on about 160 million unemployment insurance claims may have been leaked through the hack. The Reserve Bank of New Zealand has also announced that some of its data systems have been hacked.


Accellion's file transfer service is an old system developed around 2000. Accellion has been recommending that customers move to its new service since around 2018, and has also announced that it will end maintenance service on April 30, 2021. Accellion says it will work with outside investigators to investigate the vulnerability.


In December 2020, it was reported that a vulnerability in the network management software 'Orion Platform' provided by SolarWinds had been used to carry out a large-scale hack on U.S. government agencies and private companies using the software. In February 2021, a water treatment facility was hacked through the PC remote control software 'TeamViewer', and hacking incidents that use third-party software continue.



in Software, Security, Posted by log1p_kr