It seems the ripples of the Accellion data breaches continue to affect organizations’ critical infrastructure. From the Office of the Washington State Auditor (SAO) and the Australian Securities and Investment Commission (ASIC) to New Zealand’s Reserve Bank, Accellion’s vulnerability has affected several organizations globally. The latest victim of the Accellion hacks is Morgan Stanley. The global financial services provider recently reported a data breach after unknown hackers pilfered private data of its customers by exploiting the bug in the Accellion File Transfer Appliance (FTA) server hosted by a third-party vendor. Morgan Stanley has a huge client base, including public and private organizations, government entities, and institutions across the globe. The data breach could impact the company in several respects.
Accellion FTA Flaw – The Culprit
According to an official statement, a third-party vendor, Guidehouse, notified Morgan Stanley about the security incident on May 20, 2021. Guidehouse offers account maintenance services to Morgan Stanley’s StockPlan Connect business unit. The vendor claimed that attackers exploited the Accellion FTA vulnerability, before it was patched, to access customer data that it maintained for Morgan Stanley. Although the files were encrypted, the flaw allowed an unauthorized individual to obtain the decryption key during the security incident.
The accessed information included customer names, residential addresses, birth dates, social security numbers, and corporate company names. However, the vendor clarified that the affected data did not contain any passwords for the financial accounts and that the incident had no impact on any Morgan Stanley applications.
“The Accellion FTA vulnerability that led to this incident was patched in January 2021, within five days of the patch becoming available. Although the data was obtained by the unauthorized individual around that time, the vendor did not discover the attack until March of 2021, and did not discover the impact on Morgan Stanley until May 2021, due to the difficulty in retroactively determining which files were stored in the Accellion FTA appliance when the appliance was vulnerable,” Morgan Stanley said.
Is the Clop threat group behind the hack?
While the attackers behind the security incident are unknown, Guidehouse stated that there is no evidence that the leaked data had been distributed or exposed online. Guidehouse is also providing free credit monitoring services for two years to the affected clients and individuals.
Earlier, Accellion issued a statement regarding continuous attacks that exploited its legacy FTA product. The company claimed that the cybercriminal group UNC2546 is likely behind the hacks and data breaches. The threat group sent several extortion emails to the victims, threatening to publish the victims’ sensitive data on the group’s CL0P LEAKS site on the dark web.