Forte’s GoAnywhere MFT managed file transfer platform, one of Canada’s largest asset management companies, is the latest victim of a hack.
is the spokesman for Onex Corporation, confirmed this morning that an unspecified amount of company data was exposed in the GoAnywhere MFT settlement
“This was not a direct breach of Onex’s systems,” insisted the spokesman, a senior official who spoke on condition that he not be identified. “It was a third-party provider that was impressed that we had some data [with] that is affected. We are treating our customers fairly.”
The spokesperson then confirmed that the affected data was through GoAnywhere MFT. The confirmation came after the Clop ransomware group listed Onex on its data leak site.
The spokesperson would not say when Onex learned that its data had been compromised, nor the type of data, nor how much data, other than to say that the breach was “pretty contained.” Nor would they say whether the attacker contacted Onex.
Vanex has invested in several companies, including Toronto-based Celestica, one of the world’s largest electronics manufacturers, Calgary-based airline WestJet and national hair salon chain Chatters Canada. Onex has just over $50 billion in assets under management.
according to this recently released financialThe company earned $235 million last year.
Other corporate victims of the GoAnywhere MFT compromise include rubric, Hatch Bank, and Community Health Systems. All three are headquartered in the US. In a statement on Monday, Rubrik said, “The GoAnywhere vulnerability resulted in the discovery of unauthorized access to a limited amount of information in our non-production IT test environment. Importantly, our ongoing investigation with the assistance of third-party forensic experts Based on the current investigation, the unauthorized access did not involve any data that we protect through Rubrik products on behalf of our customers.
At this point, it’s unclear how many organizations have been hacked through the GoAnywhere vulnerability, said Brett Callow, a British Columbia-based threat analyst for Emsisoft. Klopp has listed and then removed more than one company, possibly indicating that those companies paid to be removed from the site, he said.
the clopp gang told the bleeping computer It stole data from over 130 organizations through a zero day vulnerability in GoAnywhere MFT.
Fortra markets GoAnywhere MFT as a secure managed file transfer service that allows organizations to centralize, simplify and automate data movement. It can be deployed on-premises or in the cloud.
