Criminals breach Dublin airport staff data

Airport blames Russia's Cl0p gang

Criminals breach Dublin airport staff data

The financial details of nearly 2,000 Dublin airport staff have been exposed following a recent cyberattack targeting services firm Aon.

The Dublin Airport Authority (DAA) said on Sunday that data had been stolen as a result of Aon being targeted in an ongoing cyberattack, orchestrated by Russia's Cl0p ransomware gang. The attack exploited security vulnerabilities in widely used file transfer tool MOVEit.

"DAA can confirm that as a result of a recent cyber-attack on Aon, a third-party professional service provider, data relating to some employees' pay and benefits was compromised," a spokesperson told The Times in a statement.

"DAA takes the security of sensitive personal information extremely seriously and has notified [the regulator,] the Data Protection Commission," the statement added.

The DAA is now providing advice and support to affected employees.

It emphasised that there has been no breach within its own organisation.

The DAA is responsible for operating Dublin Airport, which serves a yearly passenger count of over 30 million people.

It also oversees Cork Airport, in southern Ireland, and is involved in managing terminals in Saudi Arabia.

At this time, it is unclear whether the staff at Cork Airport has been affected by the cyberattack.

Aon, which is contracted by the DAA, handles the compilation and printing of personalised total rewards statements for some employees.

While the DAA has publicly attributed the cyberattack to Aon, Aon has so far not issued a public statement.

Latest MOVEit victim

MOVEit Transfer, developed by Progress Software, is a managed file transfer (MFT) solution designed to facilitate secure file transfers between businesses, partners, and customers.

Last month, reports emerged that threat actors were exploiting a zero-day vulnerability in MOVEit Transfer servers to steal data from organisations.

The Cl0p ransomware gang has since claimed responsibility for the MOVEit hack.

Despite Progress Software releasing a patch to address the issue at the end of May, it was already too late for many businesses.

Progress Software patched a third critical flaw in mid-June, just a day after a proof-of-concept exploit for the vulnerability had surfaced.

The MOVEit hack has targeted a wide range of entities, including US government agencies, the UK's telecom regulator, energy giant Shell Oil, and the University of California, Los Angeles.

The US Cybersecurity and Infrastructure Security Agency (CISA) said last month that multiple US federal agencies were targeted.

Energy technology company Siemens Energy acknowledged it had fallen victim to the vulnerability last week.

Meanwhile, French engineering company Schneider Electric said it was investigating its systems for any signs of the attack, following claims by the Cl0p ransomware gang of breaching their systems.

Among the early victims of the cyberattacks were notable British organisations such as British Airways, the BBC and Boots.

Supply chain attacks like MOVEit have emerged as a significant and escalating threat, particularly following notable incidents like the SolarWinds breach in 2020 and the Kaseya crisis in 2021.

The UK's National Cyber Security Centre has issued warnings to companies, urging them to exercise greater caution when it comes to contractors and third-party security.

"By far the greatest supply chain issue is a third party failing to adequately secure the systems that hold your sensitive data," the agency said.