Tasmania: 150,000 individuals and businesses affected by Clop ransomware group
The government of the Australian state of Tasmania confirmed on Friday “approximately 150,000 individuals and businesses” in the island state were directly affected by the hack of Fortra’s GoAnywhere file transfer product.
In an update from the state’s minister for science and technology, Madeleine Ogilvie, the Tasmanian government said it is continuing to investigate the theft of data, which includes information regarding schoolchildren.
The state government has “proactively reached out by phone to those identified as vulnerable to ensure they have the supports in place,” said Ogilvie, who last week announced that 16,000 sensitive documents had been released by the Clop extortion group.
“Through extensive investigations by our cyber team, we have now identified approximately 14,000 additional individuals whose data may have been compromised. Out of an abundance of caution, those identified will be contacted today,” the minister said.
It is not clear what relation the 30,000 identified individuals have to the 150,000 individuals and businesses which the state government cited earlier.
Ogilvie had acknowledged earlier that the investigation into the attack indicated that “financial data from the Department for Education, Children and Young People may have been accessed in the global incident.”
While she said last week that more information was likely to be released, in Friday’s update Ogilvie added “there is no evidence that any further data has been released.”
However the government stated: “We continue to urge people to stay alert for any suspicious financial activity or attempted scams.”
The Clop ransomware group has published information stolen from dozens of companies and organizations after spending weeks exploiting a vulnerability in the popular GoAnywhere tool.
Governments, businesses and schools — from the City of Toronto and the Virgin company to Hitachi — have come forward to say data was stolen through the bug affecting GoAnywhere. Clop is the only hacking group confirmed to have exploited the vulnerability, which cybersecurity researchers track as CVE-2023-0669.
In February, Clop claimed it had attacked more than 130 organizations and it has slowly been adding names to its list of victims since then.
Fortra, the company behind GoAnywhere, has faced backlash for its response to the fiasco. Several customers told TechCrunch last week that the company told them their data was safe when it was not.
The Clop attack also has stirred criticism from the opposition Labor Party, which said Tasmania's Liberal government hasn't communicated effectively about the crisis and downplayed the sensitivity of the stolen data. Ogilvie said Labor officials were fearmongering and peddling misinformation about the government's response to the incident.
Alexander Martin
is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.