The email addresses of over 600,000 Defense Department and Justice Department employees were hacked by a Russian group earlier this year, according to a new report obtained through the Freedom of Information Act.
The US Office of Personnel Management report shed new light on a cyberattack targeting the federal government last summer. Hackers used defects in a popular file-transfer tool, MOVEit, to compromise multiple government agencies, Bloomberg reported, including the Air Force, Army, US Army Corps of Engineers, the Office of the Secretary of Defense, the Joint Staff and Defense Agencies and Field Activities.
The hack, which took place on May 28 and 29, was described by the Office of Personnel Management as a “major incident,” but insisted it didn’t pose a significant risk and the hacked material was “generally of low sensitivity.”
The US Department of Health and Human Services, the Department of Agriculture and the General Services Administration were also impacted by the hack.
The hacking group known as Clop, or Cl0p, was allegedly behind the attack.
MOVEit’s parent company, Progress Software Corp, said it has taken action to reduce the effect of the hack.
In July, a major hack of HCA Healthcare resulted in a massive data breach that impacted at least 11 million patients.
According to HCA Healthcare at the time, the organization “discovered that a list of certain information with respect to some of its patients was made available by an unknown and unauthorized party on an online forum.”
HCA Healthcare warned patients that the hacker accessed information such as the name, location, email, date of birth, gender, telephone number, previous patient service dates, and upcoming appointment dates of HCA Healthcare patients.
According to HCA Healthcare, the information stolen by the unidentified hacker did not include the payment information, sensitive information or clinical information of its patients.