A cyberbreach attributed to Russia’s Clop ransomware group has compromised personal information of some Sun Life customers in the U.S., the insurance and investment giant said. The attack was against a file-transfer service called MOVEit, which is used by one of Sun Life’s vendors, Pension Benefit Information. PBI checks external sources “to determine if benefits are due to beneficiaries,” Sun Life’s announcement said. (The Logic)
Talking point: Mackenzie Investments dealt with a similar situation earlier this year, after a cyberattack (also attributed to Clop) hit a different file-transfer system that one of Mackenzie’s vendors used. The MOVEit hack has also affected Shell, the Nova Scotia government, the state of Oregon, the U.S. Department of Energy and Siemens, among many others. Besides affecting a lot of targets, these “supply chain hacks” on digital plumbing can ricochet long after the initial vulnerability is discovered—the lead U.S. cybersecurity agency publicized the MOVEit weakness more than a month ago.