The Fintech Times reported earlier this week that others affected by the ‘MOVEit’ attack included Ofcom, the BBC, British Airways, and Aer Lingus. The publication said those businesses had revealed that employee personal data was stolen by hackers who had managed to exploit a vulnerability in the MOVEit Managed File Transfer [MFT] software.
In a statement sent to Printweek on request, Adare SEC commented: “Adare SEC was made aware of reported vulnerabilities affecting Progress Software’s MOVEit solution that it uses for file transfers. We acted quickly to take the system offline while an expert team worked to restore systems and conduct a forensic investigation into the matter.
“We have made progress in our investigation and can confirm that the server using MOVEit software was accessed by an unauthorised third-party. Regrettably, it has become apparent that some data relating to a small proportion of our customers has been compromised as a result of the zero-day vulnerability impacting the MOVEit software globally.
“We have contacted customers and are dedicating appropriate resources to supporting them. We have worked hard to limit disruption to our customers and retained third-party industry specialists to assist with our response and conduct a thorough investigation. There is no indication of compromise to any other Adare SEC systems.”
The company did not comment on which specific clients were affected but Bluestone Mortgages posted a notice to customers on its own website about the cyber attack. It said the notice was only relevant to customers that had recently received an SMS message from Bluestone Mortgages requesting that they visit the link.
To those customers, it explained: “We’re getting in touch to make you aware of a global data breach which occurred during the period 2–4 June 2023.
“The breach was a targeted cyber attack on multiple organisations utilising software called ‘MOVEit’. We’re contacting you because one of our suppliers, a mailing house (who work with us to print and post communications to our customers) called Adare SEC, has been impacted by the data breach.
“Please be assured that we take security of our customers’ data seriously, and we have taken all steps necessary to safeguard against the potential impact of this cyber attack.”
It said affected customers would now receive a letter from that gives more information around the incident, and then laid out several ways customers could protect themselves from fraud.
The Fintech Times’ report also said that on 5 June, analysts from Microsoft Threat Intelligence publicly attributed the attack to ‘Lace Tempest’, a threat group known for running an extortion site called ‘Clop’. It reported that past cyber attacks have also been attributed to this group, which is believed to be based in Russia.
Bloomberg in the US has also reported on the news and said the attack on Adare SEC “raises questions about exactly how many companies across the world’s information supply chains possess sensitive data about private citizens and how prepared their systems are to handle security breaches”.
Adare SEC was acquired by omnichannel communications specialist Opus Trust Communications in November 2021.
Opus Trust Communications subsequently rebranded as Adare SEC last summer, taking the name and branding of the business it acquired as it looked to “reimagine customer communications”.