Hacker claims personal data theft of employees at the world's largest tech companies

A threat actor has claimed that they stole the sensitive personal data of hundreds of thousands of people employed with top U.S. multinational companies such as Xerox, Nokia, Bank of America, Morgan Stanley, and others.

 

Recently, a threat actor using the moniker “Nam3L3ss” claimed that they obtained the personal data of thousands of workers employed with some of the world’s largest companies. According to the hacker, the data was obtained through the 2023 MOVEit attack where the Clop ransomware group exploited a zero-day SQL vulnerability in the MOVEit Transfer web application.

 

According to a screenshot shared on X, the data leak, that began Monday, contains the names, phone numbers, email addresses, job addresses, employee badges, job titles, and usernames.

 

 

According to The Register, the sensitive personal data of more than 760,000 individuals have been published on BreachForums. Of these, 42,735 are employed at Xerox, 237,487 work at Koch, 94,253 at Nokia, 288,297 at Bank of America, 2,141 at Bridgewater, 32,861 at Morgan Stanley, and another 62,349 work at JLL. At the time of publication, none of the mentioned companies had responded to the claims of the threat actor.

 

Last month, the threat actor also claimed that they obtained the personal data of Amazon employees. According to a screenshot shared on X, Nam3L3ss published over 2.8 million lines of Amazon employees data, including their names, phone numbers, building locations, email addresses, job titles and more.

 

The threat actor added that they “obtained additional data from exposed web sources, including databases and backups, totalling over 250TB from companies such as Lenovo, HP, TIAA, HSBC, and Delta.”

 

Commenting on the news, Zack Ganot, chief strategy officer at Atlas Privacy, told The Register, “This data is a goldmine for social engineering. Knowing exactly what employee sits on which team, who they report to, what their badge number is, what building they work in, their organisational email and phone number – this is some wild stuff for an attacker looking to exploit an organisation.”