The UK’s Pension Protection Fund, which manages a massive £39 billion in assets for nearly 300,000 members, has been hit by hackers who gained access to some employee data.
The intruders compromised the information by exploiting a vulnerability in GoAnywhere, the third-party service the fund uses for secure data transfer.
According to a statement from a fund spokesperson, the hackers did not gain access to any data related to the fund’s members or pensioners. The ransomware gang Cl0p has claimed responsibility for the hack and listed the Pension Protection Fund as one of its most recent victims.
Cl0p’s playbook follows the ransomware formula
The notorious gang is known for encrypting its victims’ computers using ransomware, demanding payment in exchange for unlocking the files, and threatening to release stolen information online.
In February, the GoAnywhere developer, Fortra, disclosed that hackers had taken advantage of a software vulnerability in its data transfer product.
The Cl0p gang then claimed to have used the same vulnerability to steal data from more than 130 organizations, including US healthcare provider Community Health Systems, which estimated that around 1 million people might have been affected.
The cybersecurity threat still looms large
Cl0p is considered one of the most active and profitable ransomware groups, having extorted hundreds of millions of dollars from its victims. The gang’s members are believed to be Russian-speaking.
The affected Pension Protection Fund employees have been offered support through an Experian monitoring service in response to the hack.
While the Pension Protection Fund has not revealed the extent of the damage caused by the hack, the incident underscores the need for all organizations to remain vigilant against the constantly evolving threat of cyber attacks.