The federal government said Thursday that “several” U.S. agencies had been hit in a global cyberattack.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is “providing support to several federal agencies that have experienced intrusions affecting their MOVEit applications,” according to Eric Goldstein, the agency’s director for cybersecurity.
“We are working urgently to understand impacts and ensure timely remediation,” he added.
The agencies were reportedly hacked as part of a broader cyberattack that hit dozens of companies and organizations worldwide. The attack was made possible because of a previously unknown vulnerability in MOVEit, a popular file sharing software.
CISA has not identified the agencies that were hit or specify how they had been impacted, though CISA Director Jen Easterly told MSNBC the U.S. does not expect any “significant impact” due to the cyberattack.
The federal agencies’ cyberattack follows reports Wednesday from state agencies in Illinois and Missouri that they were investigating potential data breaches related to vulnerabilities from the MOVEit app.
Johns Hopkins University in Baltimore and its renowned health system also said in a statement this week that “sensitive personal and financial information” may have been stolen in the hack, including billing records.
Further, Georgia’s statewide university system said it was also investigating the “scope and severity” of the hack.
A Russian-speaking ransomware hacking group known as CLOP claimed some credit for hacks last week, which also impacted BBC, British Airways and Shell oil, but it was not immediately clear whether the group had claimed credit for the entirety of the global cyberattack.