Merger and Acquisition Platform Datasite Named as a Victim of MOVEit Breach
Since the discovery of the SQL injection vulnerability (CVE-2023-34362) in the MOVEit Transfer software on May 31st, the Clop ransomware gang has taken credit for using this vulnerability and others to infiltrate and exploit more than 100 organizations so far. Among the growing list of impacted companies is Datasite, which provides a data sharing platform and encrypted data rooms for potential merger and acquisition partners.
Datasite has over 5,400 clients, including firms such as Goldman Sachs, Deloitte, EY, JPMorgan, and UBS, and serves as a repository for highly sensitive data around M&A and divestiture activity, initial public offerings, and fundraising activities. Datasite reported that the breach exposed information of over 800 individuals, and while the full scope of the exposed information is not yet known, it is possible that a large amount of sensitive data about large financial services firms could be released from this breach.
Next steps
The list of organizations impacted by the MOVEit vulnerability is expected to continue to grow over the next few weeks, and even months, and firms should take action now to minimize the potential impact of this vulnerability.
- Focus on Third-Party Risk Management – The Datasite breach is an important reminder of the risk that third parties present to firms, and the attractiveness of these targets to hackers. Firms should contact high-risk third parties to determine if they use the affected MOVEit software and ensure they have taken appropriate steps to prevent exploitation due to this vulnerability. Longer-term, firms should ensure that they are conducting thorough due diligence on their third parties – especially those with access to sensitive non-public information – monitoring their third parties for changes in the risks they present, and limiting the access to data and systems that third parties have.
- Ensure Deal Rooms Are Emptied – While virtual deal rooms are standard practice, the Datasite breach is a good reminder that once the transaction has been concluded, all data that was stored in the deal room should be permanently deleted. Doing so will help minimize the risk that breaches like this expose sensitive company data to hackers.
- Implement Appropriate MOVEit Patches and Updates – Firms should continue to monitor the latest information from Progress Software on the MOVEit Transfer and MOVEit Cloud vulnerabilities here, taking all necessary and recommended steps to secure their data and systems.
How we help
Our cybersecurity and risk services can help organizations strengthen their line of defense against phishing attacks and other destructive cybercrime tactics.
- Our Third-Party Risk Management (TPRM) services provide firms with guidance on how to build and improve their TPRM program, as well as a comprehensive suite of vendor due diligence, risk assessment, and monitoring.
- Aponix Protect™ to build a comprehensive cybersecurity and technology risk management program tailored to your business needs.
- Business impact analysis and business continuity plans complete with robust policies, plans, and procedures to better protect your company from data breaches and efficiently recover from a cyber incident or significant business disruption.
- Risk assessments to identify and remediate gaps in a firm’s current cybersecurity and regulatory state, as well as figure out how a firm stands up against existing frameworks (SOC, PCI, NIST).
- Staff training and threat monitoring to educate on industry best practices, cyber trends, and emerging threats.
- Vulnerability and penetration testing to reduce the risk of financial, operational, and reputational losses that can result from a breach.
For questions about this alert, or to find out more about our services, please reach out to your ACA consultant or contact us.