The Clop gang — which has conducted global data theft campaigns targeting file sharing tools MOVEit, GoAnywhere and Accellion over the last five years — initially named 66 companies in the fall of 2024 but has slowly been releasing the names of dozens more organizations allegedly impacted by the Cleo breaches throughout 2025. “In October 2024, an unauthorized actor began exploiting this unknown vulnerability in the third-party software that allowed the unauthorized actor to gain access to a limited portion of Western Alliance’s systems and to obtain copies of files from those systems,” Western Alliance says in the notifications. The bank was one of hundreds of companies and organizations named by the Clop ransomware gang in October after the group claimed it was behind the exploitation of a vulnerability impacting the Cleo file sharing tool. A spokesperson for Thomson Reuters, whose Legal Tracker subsidiary was also named by Clop, confirmed that a small subset of customers who utilize the company’s Professional Services hosted integration service also used Cleo. Phoenix-based Western Alliance Bank said the information of more than 20,000 people was stolen through a vulnerability in a popular file sharing tool last year. Several companies named by Clop have told Recorded Future News that they are in the process of investigating whether they also were affected. We have been in direct contact with the limited number of affected customers,” the spokesperson told Recorded Future News.
This Cyber News was published on therecord.media. Publication date: Tue, 18 Mar 2025 18:05:08 +0000