Accellion data breach - Revision history

Sojourna: /* Lawsuit */ whoops

2026-05-04T23:22:39Z

Lawsuit: whoops

← Older revision		Revision as of 23:22, 4 May 2026
Line 78:		Line 78:

	==Lawsuit==		==Lawsuit==
	On 18 February 2021, a lawsuit was filed against Accellion for failure to secure the personal information of its customers, alleging it resulting in the plaintiffs facing years of ''"constant surveillance of their financial and personal records, monitoring, and loss of rights".''<ref>{{Cite web \|last=Rizzi \|first=Corrado \|title=Accellion Facing Class Action Over Dec. 2020 File Transfer Service Data Breach [UPDATE] \|url=https://www.classaction.org/news/accellion-facing-class-action-over-dec.-2020-file-transfer-service-data-breach \|website=ClassAction.org \|date=19 Feb 2021 \|access-date=27 Mar 2026 \|url-status=live \|archive-url=http://web.archive.org/web/20260213224702/https://www.classaction.org/news/accellion-facing-class-action-over-dec.-2020-file-transfer-service-data-breach \|archive-date=13 Feb 2026}}</ref><ref>{{Cite web \|author= \|title=''Zebelman v. Accellion, Inc.'' (5:21-cv-01203) \|url=https://www.courtlistener.com/docket/59301268/zebelman-v-accellion-inc/ \|website=Court Listener \|date= \|access-date=4 May 2026 \|url-status=live \|archive-url=https://web.archive.org/web/20260503050609/https://www.courtlistener.com/docket/59301268/zebelman-v-accellion-inc/ \|archive-date=3 May 2026}}</ref> The case reached an $8.1 million settlement on 20 January 2022, requiring Accellion give two years of credit monitoring and insurance services and reimburse up to $10,000 or receive payment of $15 or $50 to affected individuals.<ref>{{Cite web \|last=Coble \|first=Sarah \|title=Accellion Reaches $8.1m Data Breach Settlement \|url=https://www.infosecurity-magazine.com/news/accellion-reaches-81m-data-breach/ \|website=Infosecurity Magazine \|date=17 Jan 2022 \|access-date=26 Mar 2026 \|url-status=live \|archive-url=http://web.archive.org/web/20250721231918/https://www.infosecurity-magazine.com/news/accellion-reaches-81m-data-breach/ \|archive-date=21 Jul 2025}}</ref><ref>{{Cite web \|last=Davis \|first=Jessica \|title=Accellion claims no ‘guarantee’ of security in $8.1M breach settlement \|url=https://www.scworld.com/analysis/accellion-reaches-8-1m-settlement-in-data-breach-lawsuit \|website=ScWorld \|date=14 Jan 2022 \|access-date=27 Mar 2026 \|url-status=live \|archive-url=https://web.archive.org/web/20260416164141/https://www.scworld.com/analysis/accellion-reaches-8-1m-settlement-in-data-breach-lawsuit \|archive-date=16 Apr 2026}}		On 18 February 2021, a lawsuit was filed against Accellion for failure to secure the personal information of its customers, alleging it resulting in the plaintiffs facing years of ''"constant surveillance of their financial and personal records, monitoring, and loss of rights".''<ref>{{Cite web \|last=Rizzi \|first=Corrado \|title=Accellion Facing Class Action Over Dec. 2020 File Transfer Service Data Breach [UPDATE] \|url=https://www.classaction.org/news/accellion-facing-class-action-over-dec.-2020-file-transfer-service-data-breach \|website=ClassAction.org \|date=19 Feb 2021 \|access-date=27 Mar 2026 \|url-status=live \|archive-url=http://web.archive.org/web/20260213224702/https://www.classaction.org/news/accellion-facing-class-action-over-dec.-2020-file-transfer-service-data-breach \|archive-date=13 Feb 2026}}</ref><ref>{{Cite web \|author= \|title=''Zebelman v. Accellion, Inc.'' (5:21-cv-01203) \|url=https://www.courtlistener.com/docket/59301268/zebelman-v-accellion-inc/ \|website=Court Listener \|date= \|access-date=4 May 2026 \|url-status=live \|archive-url=https://web.archive.org/web/20260503050609/https://www.courtlistener.com/docket/59301268/zebelman-v-accellion-inc/ \|archive-date=3 May 2026}}</ref> The case reached an $8.1 million settlement on 20 January 2022, requiring Accellion give two years of credit monitoring and insurance services and reimburse up to $10,000 or receive payment of $15 or $50 to affected individuals.<ref>{{Cite web \|last=Coble \|first=Sarah \|title=Accellion Reaches $8.1m Data Breach Settlement \|url=https://www.infosecurity-magazine.com/news/accellion-reaches-81m-data-breach/ \|website=Infosecurity Magazine \|date=17 Jan 2022 \|access-date=26 Mar 2026 \|url-status=live \|archive-url=http://web.archive.org/web/20250721231918/https://www.infosecurity-magazine.com/news/accellion-reaches-81m-data-breach/ \|archive-date=21 Jul 2025}}</ref><ref>{{Cite web \|last=Davis \|first=Jessica \|title=Accellion claims no ‘guarantee’ of security in $8.1M breach settlement \|url=https://www.scworld.com/analysis/accellion-reaches-8-1m-settlement-in-data-breach-lawsuit \|website=ScWorld \|date=14 Jan 2022 \|access-date=27 Mar 2026 \|url-status=live \|archive-url=https://web.archive.org/web/20260416164141/https://www.scworld.com/analysis/accellion-reaches-8-1m-settlement-in-data-breach-lawsuit \|archive-date=16 Apr 2026}}</ref>

	==Consumer response==		==Consumer response==

Sojourna: /* Lawsuit */ Replaced problematic citation with one that was both more complete and archivable; misc.

2026-05-04T23:22:03Z

Lawsuit: Replaced problematic citation with one that was both more complete and archivable; misc.

← Older revision		Revision as of 23:22, 4 May 2026
Line 78:		Line 78:

	==Lawsuit==		==Lawsuit==
	On 18 February 2021, a lawsuit was filed against Accellion for failure to secure personal information of its customers, alleging it resulting in the plaintiffs facing years of ''"constant surveillance of their financial and personal records, monitoring, and loss of rights".''<ref>{{Cite web \|last=Rizzi \|first=Corrado ~~\|date=19 February 2021~~ \|title=Accellion Facing Class Action Over Dec. 2020 File Transfer Service Data Breach [UPDATE] \|url=https://www.classaction.org/news/accellion-facing-class-action-over-dec.-2020-file-transfer-service-data-breach \|url-status=live \|archive-url=http://web.archive.org/web/20260213224702/https://www.classaction.org/news/accellion-facing-class-action-over-dec.-2020-file-transfer-service-data-breach \|archive-date=13 ~~February 2026 \|access-date=27 March~~ 2026 ~~\|website=ClassAction.org~~}}</ref><ref>{{Cite web \|~~date~~=~~29 March 2026~~ \|title=Zebelman v. Accellion, Inc. \|url=https://~~dockets~~.~~justia~~.com/docket/~~california~~/~~candce~~/~~5:2021cv01203/373802~~ \|~~url-status~~= \|access-date=~~29 March~~ 2026 \|~~website~~=~~Justia U~~.~~S Law~~}}</ref~~><!-- This reference would not work on any archival service I tried because of a CAPTCHA. --~~> The case reached a $8.1 million settlement on 20 January 2022, requiring Accellion give 2 years of credit monitoring and insurance services and reimburse up to $10,000 or receive payment of $15 or $50 to affected individuals.<ref>{{Cite web \|last=Coble \|first=Sarah ~~\|date=17 January 2022~~ \|title=Accellion Reaches $8.1m Data Breach Settlement \|url=https://www.infosecurity-magazine.com/news/accellion-reaches-81m-data-breach/ \|url-status=live \|archive-url=http://web.archive.org/web/20250721231918/https://www.infosecurity-magazine.com/news/accellion-reaches-81m-data-breach/ \|archive-date=21 ~~July~~ 2025 ~~\|access-date=26 March 2026 \|website=Infosecurity Magazine~~}}</ref><ref>{{Cite web \|last=Davis \|first=Jessica ~~\|date=14 January 2022~~ \|title=Accellion claims no ‘guarantee’ of security in $8.1M breach settlement \|url=https://www.scworld.com/analysis/accellion-reaches-8-1m-settlement-in-data-breach-lawsuit \|url-status=live \|archive-url=https://web.archive.org/web/20260416164141/https://www.scworld.com/analysis/accellion-reaches-8-1m-settlement-in-data-breach-lawsuit \|archive-date=16 ~~April 2026 \|access-date=27 March~~ 2026 ~~\|website=ScWorld~~}}~~</ref>~~		On 18 February 2021, a lawsuit was filed against Accellion for failure to secure the personal information of its customers, alleging it resulting in the plaintiffs facing years of ''"constant surveillance of their financial and personal records, monitoring, and loss of rights".''<ref>{{Cite web \|last=Rizzi \|first=Corrado \|title=Accellion Facing Class Action Over Dec. 2020 File Transfer Service Data Breach [UPDATE] \|url=https://www.classaction.org/news/accellion-facing-class-action-over-dec.-2020-file-transfer-service-data-breach \|website=ClassAction.org \|date=19 Feb 2021 \|access-date=27 Mar 2026 \|url-status=live \|archive-url=http://web.archive.org/web/20260213224702/https://www.classaction.org/news/accellion-facing-class-action-over-dec.-2020-file-transfer-service-data-breach \|archive-date=13 Feb 2026}}</ref><ref>{{Cite web \|author= \|title=''Zebelman v. Accellion, Inc.'' (5:21-cv-01203) \|url=https://www.courtlistener.com/docket/59301268/zebelman-v-accellion-inc/ \|website=Court Listener \|date= \|access-date=4 May 2026 \|url-status=live \|archive-url=https://web.archive.org/web/20260503050609/https://www.courtlistener.com/docket/59301268/zebelman-v-accellion-inc/ \|archive-date=3 May 2026}}</ref> The case reached an $8.1 million settlement on 20 January 2022, requiring Accellion give two years of credit monitoring and insurance services and reimburse up to $10,000 or receive payment of $15 or $50 to affected individuals.<ref>{{Cite web \|last=Coble \|first=Sarah \|title=Accellion Reaches $8.1m Data Breach Settlement \|url=https://www.infosecurity-magazine.com/news/accellion-reaches-81m-data-breach/ \|website=Infosecurity Magazine \|date=17 Jan 2022 \|access-date=26 Mar 2026 \|url-status=live \|archive-url=http://web.archive.org/web/20250721231918/https://www.infosecurity-magazine.com/news/accellion-reaches-81m-data-breach/ \|archive-date=21 Jul 2025}}</ref><ref>{{Cite web \|last=Davis \|first=Jessica \|title=Accellion claims no ‘guarantee’ of security in $8.1M breach settlement \|url=https://www.scworld.com/analysis/accellion-reaches-8-1m-settlement-in-data-breach-lawsuit \|website=ScWorld \|date=14 Jan 2022 \|access-date=27 Mar 2026 \|url-status=live \|archive-url=https://web.archive.org/web/20260416164141/https://www.scworld.com/analysis/accellion-reaches-8-1m-settlement-in-data-breach-lawsuit \|archive-date=16 Apr 2026}}

	==Consumer response==		==Consumer response==

SquidthePlummer: removed 1 background segment and did other changes

2026-05-04T06:43:47Z

removed 1 background segment and did other changes

Show changes

SquidthePlummer: /* List of responses from affected organizations */ some fixes

2026-05-04T06:07:55Z

List of responses from affected organizations: some fixes

← Older revision		Revision as of 06:07, 4 May 2026
Line 19:		Line 19:

	==List of responses from affected organizations<!-- This contains only companies having any resemblance to consumers -->==		==List of responses from affected organizations<!-- This contains only companies having any resemblance to consumers -->==
	Companies began being informed of the breach around January through March, later releasing ~~statments~~ about the incident. Several companies decided to terminate their agreements with Accellion and collaborate with law enforcement and other companies, while also ~~reach~~ out to potentially affected customers.<ref>{{Cite web \|last=Panettieri \|first=Joe \|date=14 January 2022 \|title=Accellion Vulnerabilities, Cyberattacks, Victims, Lawsuits: Customer List and Status Updates \|url=https://www.msspalert.com/news/accellion-vulnerabilities-victim-list \|url-status=live \|archive-url=https://web.archive.org/web/20250711215300/https://www.msspalert.com/news/accellion-vulnerabilities-victim-list \|archive-date=11 July 2025 \|access-date=26 March 2026 \|website=MSSP Alert}}</ref><ref>{{Cite web \|last=Firch \|first=Jason \|date=14 May 2024 \|title=Accellion Data Breach: What Happened & Who Was Impacted? \|url=https://purplesec.us/breach-report/accellion-data-breach/ \|url-status=live \|archive-url=https://web.archive.org/web/20260416041503/https://purplesec.us/breach-report/accellion-data-breach/ \|archive-date=16 April 2026 \|access-date=26 March 2026 \|website=Purplesec}}</ref>		Companies began being informed of the breach around January through March, later releasing statement about the incident. Several companies decided to terminate their agreements with Accellion and collaborate with law enforcement and other companies, while also reaching out to potentially affected customers.<ref>{{Cite web \|last=Panettieri \|first=Joe \|date=14 January 2022 \|title=Accellion Vulnerabilities, Cyberattacks, Victims, Lawsuits: Customer List and Status Updates \|url=https://www.msspalert.com/news/accellion-vulnerabilities-victim-list \|url-status=live \|archive-url=https://web.archive.org/web/20250711215300/https://www.msspalert.com/news/accellion-vulnerabilities-victim-list \|archive-date=11 July 2025 \|access-date=26 March 2026 \|website=MSSP Alert}}</ref><ref>{{Cite web \|last=Firch \|first=Jason \|date=14 May 2024 \|title=Accellion Data Breach: What Happened & Who Was Impacted? \|url=https://purplesec.us/breach-report/accellion-data-breach/ \|url-status=live \|archive-url=https://web.archive.org/web/20260416041503/https://purplesec.us/breach-report/accellion-data-breach/ \|archive-date=16 April 2026 \|access-date=26 March 2026 \|website=Purplesec}}</ref>

	===Singtel===		===Singtel===
Line 36:		Line 36:
	On 02 May, CXS made a statement highlighting the incident only leaking current and past employees personal information. The company didn't provide much details surrounding the incident in regards to customers or specific type of information, only saying “''To date, this incident has had no impact on business operations or our ability to serve our customers''".<ref>{{Cite web \|date=2 March 2021 \|title=CSX probes ‘security incident’ as hackers leak data \|url=https://www.freightwaves.com/news/csx-probes-security-incident-as-hackers-leak-data \|url-status=live \|archive-url=https://web.archive.org/web/20260216050403/https://www.freightwaves.com/news/csx-probes-security-incident-as-hackers-leak-data \|archive-date=16 February 2026 \|access-date=27 March 2026 \|website=FreightWaves}}</ref><ref>{{Cite web \|last=Lester \|first=David \|date=3 March 2021 \|title=CSX suffers data exposure by hackers \|url=https://www.rtands.com/freight/csx-suffers-data-exposure-by-hackers/ \|url-status=live \|archive-url=https://web.archive.org/web/20240930080445/https://www.rtands.com/freight/csx-suffers-data-exposure-by-hackers/ \|archive-date=30 September 2024 \|access-date=26 March 2026 \|website=RT&S}}</ref>		On 02 May, CXS made a statement highlighting the incident only leaking current and past employees personal information. The company didn't provide much details surrounding the incident in regards to customers or specific type of information, only saying “''To date, this incident has had no impact on business operations or our ability to serve our customers''".<ref>{{Cite web \|date=2 March 2021 \|title=CSX probes ‘security incident’ as hackers leak data \|url=https://www.freightwaves.com/news/csx-probes-security-incident-as-hackers-leak-data \|url-status=live \|archive-url=https://web.archive.org/web/20260216050403/https://www.freightwaves.com/news/csx-probes-security-incident-as-hackers-leak-data \|archive-date=16 February 2026 \|access-date=27 March 2026 \|website=FreightWaves}}</ref><ref>{{Cite web \|last=Lester \|first=David \|date=3 March 2021 \|title=CSX suffers data exposure by hackers \|url=https://www.rtands.com/freight/csx-suffers-data-exposure-by-hackers/ \|url-status=live \|archive-url=https://web.archive.org/web/20240930080445/https://www.rtands.com/freight/csx-suffers-data-exposure-by-hackers/ \|archive-date=30 September 2024 \|access-date=26 March 2026 \|website=RT&S}}</ref>

	===Centene===		===Centene ===
	{{Incomplete section}}		{{Incomplete section}}

Line 47:		Line 47:
	On 24 March, [[wikipedia:Health_Net\|Healthnet]], an American health care insurance provider, released a statement that declared customers addresses, date of birth, insurance ID number, and health information such as medical conditions and treatment information, was compromised. The company stated it started collaraborationg with law enforcement and cease operation of Accellion services.<ref>{{Cite web \|date=24 March 2021 \|title=Health Net received information that one of our business partners was a victim of a cyber-attack \|url=https://www.healthnet.com/content/healthnet/en_us/news-center/news-releases/cyber-accellion.html \|url-status=live \|archive-url=https://web.archive.org/web/20210406205107/https://www.healthnet.com/content/healthnet/en_us/news-center/news-releases/cyber-accellion.html \|archive-date=6 April 2021 \|access-date=28 March 2026 \|website=Health Net}}</ref>		On 24 March, [[wikipedia:Health_Net\|Healthnet]], an American health care insurance provider, released a statement that declared customers addresses, date of birth, insurance ID number, and health information such as medical conditions and treatment information, was compromised. The company stated it started collaraborationg with law enforcement and cease operation of Accellion services.<ref>{{Cite web \|date=24 March 2021 \|title=Health Net received information that one of our business partners was a victim of a cyber-attack \|url=https://www.healthnet.com/content/healthnet/en_us/news-center/news-releases/cyber-accellion.html \|url-status=live \|archive-url=https://web.archive.org/web/20210406205107/https://www.healthnet.com/content/healthnet/en_us/news-center/news-releases/cyber-accellion.html \|archive-date=6 April 2021 \|access-date=28 March 2026 \|website=Health Net}}</ref>

	===The Reserve Bank of New Zealand===		===The Reserve Bank of New Zealand ===
	{{Incomplete section}}		{{Incomplete section}}
	https://web.archive.org/web/20210111063645/https://www.rbnz.govt.nz/news/2021/01/reserve-bank-response-to-illegal-breach-of-data-system		https://web.archive.org/web/20210111063645/https://www.rbnz.govt.nz/news/2021/01/reserve-bank-response-to-illegal-breach-of-data-system
Line 82:		Line 82:

	==Consumer response==		==Consumer response==


	{{Ph-I-ConR}}		{{Ph-I-ConR}}

Matt78: Archived references.

2026-04-16T17:16:02Z

Archived references.

← Older revision		Revision as of 17:16, 16 April 2026
Line 79:		Line 79:

	==Lawsuit==		==Lawsuit==
	On 18 February 2021, a lawsuit was filed against Accellion for failure to secure personal information of its customers, alleging it resulting in the plaintiffs facing years of ''"constant surveillance of their financial and personal records, monitoring, and loss of rights".''<ref>{{Cite web \|last=Rizzi \|first=Corrado \|date=19 February 2021 \|title=Accellion Facing Class Action Over Dec. 2020 File Transfer Service Data Breach [UPDATE] \|url=https://www.classaction.org/news/accellion-facing-class-action-over-dec.-2020-file-transfer-service-data-breach \|url-status=live \|archive-url=http://web.archive.org/web/20260213224702/https://www.classaction.org/news/accellion-facing-class-action-over-dec.-2020-file-transfer-service-data-breach \|archive-date=13 February 2026 \|access-date=27 March 2026 \|website=ClassAction.org}}</ref><ref>{{Cite web \|date=29 March 2026 \|title=Zebelman v. Accellion, Inc. \|url=https://dockets.justia.com/docket/california/candce/5:2021cv01203/373802 \|url-status=~~live~~ \|access-date=29 March 2026 \|website=Justia U.S Law}}</ref> The case reached a $8.1 million settlement on 20 January 2022, requiring Accellion give 2 years of credit monitoring and insurance services and reimburse up to $10,000 or receive payment of $15 or $50 to affected individuals.<ref>{{Cite web \|last=Coble \|first=Sarah \|date=17 January 2022 \|title=Accellion Reaches $8.1m Data Breach Settlement \|url=https://www.infosecurity-magazine.com/news/accellion-reaches-81m-data-breach/ \|url-status=live \|access-date=26 March 2026 \|website=Infosecurity Magazine}}</ref><ref>{{Cite web \|last=Davis \|first=Jessica \|date=14 January 2022 \|title=Accellion claims no ‘guarantee’ of security in $8.1M breach settlement \|url=https://www.scworld.com/analysis/accellion-reaches-8-1m-settlement-in-data-breach-lawsuit \|url-status=live \|access-date=27 March 2026 \|website=ScWorld}}</ref>		On 18 February 2021, a lawsuit was filed against Accellion for failure to secure personal information of its customers, alleging it resulting in the plaintiffs facing years of ''"constant surveillance of their financial and personal records, monitoring, and loss of rights".''<ref>{{Cite web \|last=Rizzi \|first=Corrado \|date=19 February 2021 \|title=Accellion Facing Class Action Over Dec. 2020 File Transfer Service Data Breach [UPDATE] \|url=https://www.classaction.org/news/accellion-facing-class-action-over-dec.-2020-file-transfer-service-data-breach \|url-status=live \|archive-url=http://web.archive.org/web/20260213224702/https://www.classaction.org/news/accellion-facing-class-action-over-dec.-2020-file-transfer-service-data-breach \|archive-date=13 February 2026 \|access-date=27 March 2026 \|website=ClassAction.org}}</ref><ref>{{Cite web \|date=29 March 2026 \|title=Zebelman v. Accellion, Inc. \|url=https://dockets.justia.com/docket/california/candce/5:2021cv01203/373802 \|url-status= \|access-date=29 March 2026 \|website=Justia U.S Law}}</ref><!-- This reference would not work on any archival service I tried because of a CAPTCHA. --> The case reached a $8.1 million settlement on 20 January 2022, requiring Accellion give 2 years of credit monitoring and insurance services and reimburse up to $10,000 or receive payment of $15 or $50 to affected individuals.<ref>{{Cite web \|last=Coble \|first=Sarah \|date=17 January 2022 \|title=Accellion Reaches $8.1m Data Breach Settlement \|url=https://www.infosecurity-magazine.com/news/accellion-reaches-81m-data-breach/ \|url-status=live \|archive-url=http://web.archive.org/web/20250721231918/https://www.infosecurity-magazine.com/news/accellion-reaches-81m-data-breach/ \|archive-date=21 July 2025 \|access-date=26 March 2026 \|website=Infosecurity Magazine}}</ref><ref>{{Cite web \|last=Davis \|first=Jessica \|date=14 January 2022 \|title=Accellion claims no ‘guarantee’ of security in $8.1M breach settlement \|url=https://www.scworld.com/analysis/accellion-reaches-8-1m-settlement-in-data-breach-lawsuit \|url-status=live \|archive-url=https://web.archive.org/web/20260416164141/https://www.scworld.com/analysis/accellion-reaches-8-1m-settlement-in-data-breach-lawsuit \|archive-date=16 April 2026 \|access-date=27 March 2026 \|website=ScWorld}}</ref>

	==Consumer response==		==Consumer response==

Matt78: Archived references, fixed spelling mistakes.

2026-04-16T05:08:34Z

Archived references, fixed spelling mistakes.

Show changes

Andrew V: /* References */ added archive links

2026-04-15T18:40:22Z

References: added archive links

← Older revision		Revision as of 18:40, 15 April 2026
Line 6:		Line 6:
	\|Type=Security		\|Type=Security
	\|Description=A security breach affecting over 25 companies, medical institutions and schools.		\|Description=A security breach affecting over 25 companies, medical institutions and schools.
	}}Around Mid December in 2020, several hacker group going by the names FIN11, UNC2546, and CLOP, infiltrated [[wikipedia:Kiteworks\|Accellion]] systems using [[wikipedia:SQL_injection\|SQL injection,]] affecting organizations delving to various aspects of education, medicine, and finance, leaking over 9 million customers and employees personal information.<ref name=":0">{{Cite web \|last=Burgess \|first=Monica \|date=31 ~~October 2025~~ \|title=Accellion Data Breach \|url=https://www.huntress.com/threat-library/data-breach/accellion-data-breach \|url-status=live \|access-date=25 ~~March 2026~~ \|website=Huntress}}</ref> This later turn into a lawsuit that reached a $8.1 million settlement on 20 January 2022.		}}Around Mid December in 2020, several hacker group going by the names FIN11, UNC2546, and CLOP, infiltrated [[wikipedia:Kiteworks\|Accellion]] systems using [[wikipedia:SQL_injection\|SQL injection,]] affecting organizations delving to various aspects of education, medicine, and finance, leaking over 9 million customers and employees personal information.<ref name=":0">{{Cite web \|last=Burgess \|first=Monica \|date=2025-10-31 \|title=Accellion Data Breach \|url=https://www.huntress.com/threat-library/data-breach/accellion-data-breach \|url-status=live \|archive-url=https://web.archive.org/web/20260306051955/https://www.huntress.com/threat-library/data-breach/accellion-data-breach \|archive-date=2026-03-06 \|access-date=2026-03-25 \|website=[[Huntress]]}}</ref> This later turn into a lawsuit that reached a $8.1 million settlement on 20 January 2022.

	==Background==		==Background==
	A financially motivated hacker group going by FIN11 has conducted malware and ransomware attacks against financial, retail, and medical related organizations since 2016.<ref>{{Cite web \|last=Stark \|first=Genevieve \|last2=Moore \|first2=Andrew \|last3=Cannon \|first3=Vincent \|last4=Leary \|first4=Jacqueline \|last5=Fraser \|first5=Nalani \|last6=Goody \|first6=Kimberly \|date=14 October 2020 \|title=Threat Research FIN11: Widespread Email Campaigns as Precursor for Ransomware and Data Theft \|url=https://www.fireeye.com/blog/threat-research/2020/10/fin11-email-campaigns-precursor-for-ransomware-data-theft.html \|url-status=live \|archive-url=https://web.archive.org/web/20201017221743/https://www.fireeye.com/blog/threat-research/2020/10/fin11-email-campaigns-precursor-for-ransomware-data-theft.html \|archive-date=17 October 2020 \|access-date=26 March 2026 \|website=Fire Eye}}</ref> It shares close ties to [[wikipedia:Clop_(hacker_group)#GoAnywhere_MFT_attack_(2023)\|CLOP]], a hacker group that since 2016 has ran phishing campaigns and malware distributions<ref>{{Cite web \|last=Brubaker \|first=Nathan \|last2=Zafra \|first2=Daniel \|last3=Lunden \|first3=Keith \|last4=Proska \|first4=Ken \|last5=Hildebrandt \|first5=Corey \|date=15 July 2020 \|title=Financially Motivated Actors Are Expanding Access Into OT: Analysis of Kill Lists That Include OT Processes Used With Seven Malware Families \|url=https://www.fireeye.com/blog/threat-research/2020/07/financially-motivated-actors-are-expanding-access-into-ot.html \|url-status=live \|archive-url=https://web.archive.org/web/20200716090918/https://www.fireeye.com/blog/threat-research/2020/07/financially-motivated-actors-are-expanding-access-into-ot.html \|archive-date=16 July 2020 \|access-date=26 March 2026 \|website=Fire Eye}}</ref>, and UNC2546, an unknown hacker group that been shown to conduct malware attacks and SQL injection.<ref>{{Cite web \|last=Ropek \|first=Lucas \|date=23 ~~February 2021~~ \|title=What We Know About the Hackers Behind the Accellion Data Breach \|url=https://gizmodo.com/what-we-know-about-the-hackers-behind-the-accellion-dat-1846316990 \|url-status=live \|access-date=26 ~~March 2026~~ \|website=Gizmodo}}</ref><ref>{{Cite web \|last=Stone \|first=Jeff \|date=22 ~~February 2021~~ \|title=FireEye IDs hacking group suspected in Accellion, Kroger breach \|url=https://cyberscoop.com/fireeye-ids-hacking-group-suspected-in-accellion-kroger-breach/ \|url-status=live \|access-date=26 ~~March 2026~~ \|website=Cyberscoop}}</ref>		A financially motivated hacker group going by FIN11 has conducted malware and ransomware attacks against financial, retail, and medical related organizations since 2016.<ref>{{Cite web \|last=Stark \|first=Genevieve \|last2=Moore \|first2=Andrew \|last3=Cannon \|first3=Vincent \|last4=Leary \|first4=Jacqueline \|last5=Fraser \|first5=Nalani \|last6=Goody \|first6=Kimberly \|date=14 October 2020 \|title=Threat Research FIN11: Widespread Email Campaigns as Precursor for Ransomware and Data Theft \|url=https://www.fireeye.com/blog/threat-research/2020/10/fin11-email-campaigns-precursor-for-ransomware-data-theft.html \|url-status=live \|archive-url=https://web.archive.org/web/20201017221743/https://www.fireeye.com/blog/threat-research/2020/10/fin11-email-campaigns-precursor-for-ransomware-data-theft.html \|archive-date=17 October 2020 \|access-date=26 March 2026 \|website=Fire Eye}}</ref> It shares close ties to [[wikipedia:Clop_(hacker_group)#GoAnywhere_MFT_attack_(2023)\|CLOP]], a hacker group that since 2016 has ran phishing campaigns and malware distributions<ref>{{Cite web \|last=Brubaker \|first=Nathan \|last2=Zafra \|first2=Daniel \|last3=Lunden \|first3=Keith \|last4=Proska \|first4=Ken \|last5=Hildebrandt \|first5=Corey \|date=15 July 2020 \|title=Financially Motivated Actors Are Expanding Access Into OT: Analysis of Kill Lists That Include OT Processes Used With Seven Malware Families \|url=https://www.fireeye.com/blog/threat-research/2020/07/financially-motivated-actors-are-expanding-access-into-ot.html \|url-status=live \|archive-url=https://web.archive.org/web/20200716090918/https://www.fireeye.com/blog/threat-research/2020/07/financially-motivated-actors-are-expanding-access-into-ot.html \|archive-date=16 July 2020 \|access-date=26 March 2026 \|website=Fire Eye}}</ref>, and UNC2546, an unknown hacker group that been shown to conduct malware attacks and SQL injection.<ref>{{Cite web \|last=Ropek \|first=Lucas \|date=2021-02-23 \|title=What We Know About the Hackers Behind the Accellion Data Breach \|url=https://gizmodo.com/what-we-know-about-the-hackers-behind-the-accellion-dat-1846316990 \|url-status=live \|archive-url=https://web.archive.org/web/20250723040100/https://gizmodo.com/what-we-know-about-the-hackers-behind-the-accellion-dat-1846316990 \|archive-date=2025-07-23 \|access-date=2026-03-26 \|website=[[Gizmodo]]}}</ref><ref>{{Cite web \|last=Stone \|first=Jeff \|date=2021-02-22 \|title=FireEye IDs hacking group suspected in Accellion, Kroger breach \|url=https://cyberscoop.com/fireeye-ids-hacking-group-suspected-in-accellion-kroger-breach/ \|url-status=live \|archive-url=https://web.archive.org/web/20260118200149/https://cyberscoop.com/fireeye-ids-hacking-group-suspected-in-accellion-kroger-breach/ \|archive-date=2026-01-18 \|access-date=2026-03-26 \|website=[[Cyberscoop]]}}</ref>

	Founded in 1999, Accellion is a file sharing service provider that later rebranded into Kiteworks.		Founded in 1999, Accellion is a file sharing service provider that later rebranded into Kiteworks.

	==The Attack==		==The Attack==
	Around Mid December, FIN11 targeted Accellion 20 year legacy {{Wplink\|File transfer\|File Transfer Appliance}} (FTA), deploying two {{Wplink\|Zero-day vulnerability\|zero-day-vulnerabilities}} that granted access to installation of a custom [[wikipedia:Web_shell\|web shell]] named DEWMODE<ref>{{Cite web \|date=23 ~~February 2021~~ \|title=Accellion Compromise Impacts Many Targets Including Healthcare Organizations \|url=https://www.hhs.gov/sites/default/files/accellion-analyst-note.pdf \|url-status=live \|access-date=26 March 2026 \|website=~~hhs.gov~~}}</ref>, allowing for SQL injection into Accellion systems. On 16 December, Accellion became aware of the vulnerability after a customer reported the vulnerability, and shorty after releasing a patch within 72 hours on 20 and 23 of December 2020.<ref name=":1">{{Cite web \|last=Neill \|first=Rob \|date=3 March 2021 \|title=Accellion hack: timeline clarifies when and how customers were notified \|url=https://www.arnnet.com.au/article/1261917/accellion-hack-timeline-clarifies-when-and-how-customers-were-notified.html \|url-status=live \|access-date=26 March 2026 \|website=ARN}}</ref> On 12 January, the company released a statement announcing the attack and urging customers to update to their newely released communication platform kiteworks.<ref>{{Cite web \|date=12 January 2021 \|title=Press Release Accellion Responds to Recent FTA Security Incident \|url=https://www.kiteworks.com/company/press-releases/accellion-responds-to-recent-fta-security-incident/ \|url-status=live \|archive-url=https://web.archive.org/web/20260118203606/https://www.kiteworks.com/company/press-releases/accellion-responds-to-recent-fta-security-incident/ \|archive-date=18 January 2026 \|access-date=26 March 2026 \|website=Kiteworks}}</ref> On 20 January, hackers conducted more attacks after finding new vulnerabilities that included 2 more [[wikipedia:Zero-day_vulnerability\|zero-day-vulnerabilities]]<ref name=":2">{{Cite web \|date=1 March 2021 \|title=ACCELLION, INC. FILE TRANSFER APPLIANCE (FTA) SECURITY ASSESSMENT \|url=https://kiteworks.com/sites/default/files/trust-center/accellion-fta-attack-mandiant-report-full.pdf \|url-status=live \|archive-url=https://web.archive.org/web/20211128204658/https://kiteworks.com/sites/default/files/trust-center/accellion-fta-attack-mandiant-report-full.pdf \|archive-date=28 November 2021 \|access-date=27 March 2026 \|website=Kiteworks}}</ref>, however after the vulnerability were noticed by Accellion customer service on 22 January, they were shortly patched three days later.<ref name=":0" /><ref name=":1" />Around late January, victims started receiving ransom emails that threatens to publish the stolen data. If the victim didn't respond, they would receive several more warnings messages urging the victim to respond.<ref>{{Cite web \|last=Ilascu \|first=Ionut \|date=22 February 2021 \|title=Global Accellion data breaches linked to Clop ransomware gang \|url=https://www.bleepingcomputer.com/news/security/global-accellion-data-breaches-linked-to-clop-ransomware-gang/ \|url-status=live \|access-date=27 March 2026 \|website=BleepingComputer}}</ref> The company would implement another patch on 28 January that enhanced the security of the 23 December patch. On 01 February, Accellion released an statement detailing the attack and adding no new vulnerabilities were detect at the time.<ref>{{Cite web \|date=1 February 2021 \|title=Press Release Accellion Provides Update to Recent FTA Security Incident \|url=https://www.accellion.com/company/press-releases/accellion-provides-update-to-recent-fta-security-incident/ \|url-status=live \|archive-url=https://web.archive.org/web/20210202020120/https://www.accellion.com/company/press-releases/accellion-provides-update-to-recent-fta-security-incident/ \|archive-date=2 February 2021 \|access-date=26 March 2026 \|website=Accellion}}</ref> A last patch was implemented on 01 March in collaboration with [[wikipedia:Mandiant\|Mandiant]] (subsidiary to [[Google]]) that fixed two additional vulnerabilities.<ref name=":2" /> Accellion would announce termination of its 20 year legacy [[wikipedia:File_transfer\|File Transfer Appliance]], giving customers till 30 April to make any changes to their licensing agreements.<ref>{{Cite web \|date=27 March 2026 \|title=Accellion \|url=https://kiteworks.com/sites/default/files/resources/fta-eol.pdf \|url-status=live \|archive-url=https://web.archive.org/web/20220125042927/https://kiteworks.com/sites/default/files/resources/fta-eol.pdf \|archive-date=25 January 2022 \|access-date=27 March 2026 \|website=Kiteworks}}</ref>		Around Mid December, FIN11 targeted Accellion 20 year legacy {{Wplink\|File transfer\|File Transfer Appliance}} (FTA), deploying two {{Wplink\|Zero-day vulnerability\|zero-day-vulnerabilities}} that granted access to installation of a custom [[wikipedia:Web_shell\|web shell]] named DEWMODE<ref>{{Cite web \|date=2021-02-23 \|title=Accellion Compromise Impacts Many Targets Including Healthcare Organizations \|url=https://www.hhs.gov/sites/default/files/accellion-analyst-note.pdf \|url-status=live \|archive-url=https://web.archive.org/web/20250116150510/https://www.hhs.gov/sites/default/files/accellion-analyst-note.pdf \|archive-date=2025-01-16 \|access-date=26 March 2026 \|website=[[Health Sector Cybersecurity Coordination Center (HC3)]]}}</ref>, allowing for SQL injection into Accellion systems. On 16 December, Accellion became aware of the vulnerability after a customer reported the vulnerability, and shorty after releasing a patch within 72 hours on 20 and 23 of December 2020.<ref name=":1">{{Cite web \|last=Neill \|first=Rob \|date=3 March 2021 \|title=Accellion hack: timeline clarifies when and how customers were notified \|url=https://www.arnnet.com.au/article/1261917/accellion-hack-timeline-clarifies-when-and-how-customers-were-notified.html \|url-status=live \|access-date=26 March 2026 \|website=ARN}}</ref> On 12 January, the company released a statement announcing the attack and urging customers to update to their newely released communication platform kiteworks.<ref>{{Cite web \|date=12 January 2021 \|title=Press Release Accellion Responds to Recent FTA Security Incident \|url=https://www.kiteworks.com/company/press-releases/accellion-responds-to-recent-fta-security-incident/ \|url-status=live \|archive-url=https://web.archive.org/web/20260118203606/https://www.kiteworks.com/company/press-releases/accellion-responds-to-recent-fta-security-incident/ \|archive-date=18 January 2026 \|access-date=26 March 2026 \|website=Kiteworks}}</ref> On 20 January, hackers conducted more attacks after finding new vulnerabilities that included 2 more [[wikipedia:Zero-day_vulnerability\|zero-day-vulnerabilities]]<ref name=":2">{{Cite web \|date=1 March 2021 \|title=ACCELLION, INC. FILE TRANSFER APPLIANCE (FTA) SECURITY ASSESSMENT \|url=https://kiteworks.com/sites/default/files/trust-center/accellion-fta-attack-mandiant-report-full.pdf \|url-status=live \|archive-url=https://web.archive.org/web/20211128204658/https://kiteworks.com/sites/default/files/trust-center/accellion-fta-attack-mandiant-report-full.pdf \|archive-date=28 November 2021 \|access-date=27 March 2026 \|website=Kiteworks}}</ref>, however after the vulnerability were noticed by Accellion customer service on 22 January, they were shortly patched three days later.<ref name=":0" /><ref name=":1" />Around late January, victims started receiving ransom emails that threatens to publish the stolen data. If the victim didn't respond, they would receive several more warnings messages urging the victim to respond.<ref>{{Cite web \|last=Ilascu \|first=Ionut \|date=22 February 2021 \|title=Global Accellion data breaches linked to Clop ransomware gang \|url=https://www.bleepingcomputer.com/news/security/global-accellion-data-breaches-linked-to-clop-ransomware-gang/ \|url-status=live \|access-date=27 March 2026 \|website=BleepingComputer}}</ref> The company would implement another patch on 28 January that enhanced the security of the 23 December patch. On 01 February, Accellion released an statement detailing the attack and adding no new vulnerabilities were detect at the time.<ref>{{Cite web \|date=1 February 2021 \|title=Press Release Accellion Provides Update to Recent FTA Security Incident \|url=https://www.accellion.com/company/press-releases/accellion-provides-update-to-recent-fta-security-incident/ \|url-status=live \|archive-url=https://web.archive.org/web/20210202020120/https://www.accellion.com/company/press-releases/accellion-provides-update-to-recent-fta-security-incident/ \|archive-date=2 February 2021 \|access-date=26 March 2026 \|website=Accellion}}</ref> A last patch was implemented on 01 March in collaboration with [[wikipedia:Mandiant\|Mandiant]] (subsidiary to [[Google]]) that fixed two additional vulnerabilities.<ref name=":2" /> Accellion would announce termination of its 20 year legacy [[wikipedia:File_transfer\|File Transfer Appliance]], giving customers till 30 April to make any changes to their licensing agreements.<ref>{{Cite web \|date=27 March 2026 \|title=Accellion \|url=https://kiteworks.com/sites/default/files/resources/fta-eol.pdf \|url-status=live \|archive-url=https://web.archive.org/web/20220125042927/https://kiteworks.com/sites/default/files/resources/fta-eol.pdf \|archive-date=25 January 2022 \|access-date=27 March 2026 \|website=Kiteworks}}</ref>
	[[File:Accellion breach hacker group ransom demand message.png\|thumb\|alt=Hackers' ransom demand message.\|Hackers' ransom demand message.]]		[[File:Accellion breach hacker group ransom demand message.png\|thumb\|alt=Hackers' ransom demand message.\|Hackers' ransom demand message.]]
	[[File:Accellion breach hacker group last warning message.png\|thumb\|alt=Hacker group's last warning message.\|Hacker group's last warning message.]]		[[File:Accellion breach hacker group last warning message.png\|thumb\|alt=Hacker group's last warning message.\|Hacker group's last warning message.]]
Line 40:		Line 40:

	===Trillium===		===Trillium===
	The Company became aware of the attack on 25 January, and a month later released a statement, declaring customers address, date of birth, insurance ID number, and health information has been leaked and posted online. As compensation, the company gave 1 year credit monitoring and identity theft protection services to affected customers on 26 February.<ref>{{Cite web \|date=~~7 March~~ 2021 \|title=Trillium Community Health Plan members impacted by Accellion breach \|url=https://databreaches.net/2021/03/07/trillium-community-health-plan-members-impacted-by-accellion-breach/ \|url-status=live \|access-date=27 ~~March 2026~~ \|website=~~databreaches~~.~~net~~}}</ref> The company discussed plans to move and remove all data from Accellion systems, review files and sharing data practices.<ref>{{Cite web \|date=25 February 2021 \|title=Trillium vendor reports a Data Security Incident \|url=https://www.trilliumohp.com/newsroom/trillium-vendor-reports-a-data-security-incident.html \|url-status=live \|archive-url=https://web.archive.org/web/20260214042648/https://www.trilliumohp.com/newsroom/trillium-vendor-reports-a-data-security-incident.html \|archive-date=14 February 2026 \|access-date=27 March 2026 \|website=Trillium}}</ref>		The Company became aware of the attack on 25 January, and a month later released a statement, declaring customers address, date of birth, insurance ID number, and health information has been leaked and posted online. As compensation, the company gave 1 year credit monitoring and identity theft protection services to affected customers on 26 February.<ref>{{Cite web \|last=Dissent \|date=2021-03-07 \|title=Trillium Community Health Plan members impacted by Accellion breach \|url=https://databreaches.net/2021/03/07/trillium-community-health-plan-members-impacted-by-accellion-breach/ \|url-status=live \|archive-url=https://web.archive.org/web/20251008135925/https://databreaches.net/2021/03/07/trillium-community-health-plan-members-impacted-by-accellion-breach/ \|archive-date=2025-10-08 \|access-date=2026-03-27 \|website=[[DataBreaches.Net]]}}</ref> The company discussed plans to move and remove all data from Accellion systems, review files and sharing data practices.<ref>{{Cite web \|date=25 February 2021 \|title=Trillium vendor reports a Data Security Incident \|url=https://www.trilliumohp.com/newsroom/trillium-vendor-reports-a-data-security-incident.html \|url-status=live \|archive-url=https://web.archive.org/web/20260214042648/https://www.trilliumohp.com/newsroom/trillium-vendor-reports-a-data-security-incident.html \|archive-date=14 February 2026 \|access-date=27 March 2026 \|website=Trillium}}</ref>
	===Morgan Stanley===		===Morgan Stanley===
	[[wikipedia:Morgan_Stanley\|Morgan Stanely]] third party vendor Guidehouse, a company that delivers account maintenance services, notified Morgan Stanely of the breach on 20 May 2021 after discovering the breach in March and finding information containing names, addresses, date of birth and social security numbers about Morgan Stanely clients in March.<ref>{{Cite web \|last=Gatlan \|first=Sergiu \|date=8 July 2021 \|title=Morgan Stanley reports data breach after vendor Accellion hack \|url=https://www.bleepingcomputer.com/news/security/morgan-stanley-reports-data-breach-after-vendor-accellion-hack/ \|url-status=live \|access-date=27 March 2026 \|website=BleepingComputer}}</ref><ref>{{Cite web \|last=Goodin \|first=Dan \|date=8 July 2021 \|title=Morgan Stanley discloses data breach that resulted from Accellion FTA hacks \|url=https://arstechnica.com/gadgets/2021/07/morgan-stanley-discloses-data-breach-that-resulted-from-accellion-fta-hacks/ \|url-status=live \|access-date=27 March 2026 \|website=Arstechnica}}</ref><ref>{{Cite web \|last=Paganini \|first=Pierluigi \|date=8 July 2021 \|title=Morgan Stanley discloses data breach after the hack of a third-party vendor \|url=https://securityaffairs.com/119865/data-breach/morgan-stanley-data-breach.html \|url-status=live \|access-date=27 March 2026 \|website=SecurityAffairs}}</ref> Morgan Stanley sent emails to affected victims on 08 June and later on 02 July, sending a email to the attorney general office located in concord informing them of the attack.<ref>{{Cite web \|last=Gatlan \|first=Sergiu \|date=8 July 2021 \|title=morgan-stanley-bc-20210702 \|url=https://www.documentcloud.org/documents/20985259-morgan-stanley-bc-20210702/ \|url-status=live \|access-date=28 March 2026 \|website=DocumentCloud}}</ref>		[[wikipedia:Morgan_Stanley\|Morgan Stanely]] third party vendor Guidehouse, a company that delivers account maintenance services, notified Morgan Stanely of the breach on 20 May 2021 after discovering the breach in March and finding information containing names, addresses, date of birth and social security numbers about Morgan Stanely clients in March.<ref>{{Cite web \|last=Gatlan \|first=Sergiu \|date=8 July 2021 \|title=Morgan Stanley reports data breach after vendor Accellion hack \|url=https://www.bleepingcomputer.com/news/security/morgan-stanley-reports-data-breach-after-vendor-accellion-hack/ \|url-status=live \|access-date=27 March 2026 \|website=BleepingComputer}}</ref><ref>{{Cite web \|last=Goodin \|first=Dan \|date=8 July 2021 \|title=Morgan Stanley discloses data breach that resulted from Accellion FTA hacks \|url=https://arstechnica.com/gadgets/2021/07/morgan-stanley-discloses-data-breach-that-resulted-from-accellion-fta-hacks/ \|url-status=live \|access-date=27 March 2026 \|website=Arstechnica}}</ref><ref>{{Cite web \|last=Paganini \|first=Pierluigi \|date=8 July 2021 \|title=Morgan Stanley discloses data breach after the hack of a third-party vendor \|url=https://securityaffairs.com/119865/data-breach/morgan-stanley-data-breach.html \|url-status=live \|access-date=27 March 2026 \|website=SecurityAffairs}}</ref> Morgan Stanley sent emails to affected victims on 08 June and later on 02 July, sending a email to the attorney general office located in concord informing them of the attack.<ref>{{Cite web \|last=Gatlan \|first=Sergiu \|date=8 July 2021 \|title=morgan-stanley-bc-20210702 \|url=https://www.documentcloud.org/documents/20985259-morgan-stanley-bc-20210702/ \|url-status=live \|archive-url=https://web.archive.org/web/20240918045209/https://www.documentcloud.org/documents/20985259-morgan-stanley-bc-20210702 \|archive-date=2024-09-18 \|access-date=28 March 2026 \|website=[[DocumentCloud]]}}</ref>

	===HealthNet===		===HealthNet===

Sojourna: /* The Attack */

2026-04-01T02:06:22Z

The Attack

← Older revision		Revision as of 02:06, 1 April 2026
Line 14:		Line 14:

	==The Attack==		==The Attack==
	Around Mid December, FIN11 targeted Accellion 20 year legacy ~~[[wikipedia:File_transfer~~\|File Transfer Appliance]](FTA), deploying ~~2 [[wikipedia:~~Zero-~~day_vulnerability~~\|zero-day-vulnerabilities]] that granted access to installation of a custom [[wikipedia:Web_shell\|web shell]] named DEWMODE<ref>{{Cite web \|date=23 February 2021 \|title=Accellion Compromise Impacts Many Targets Including Healthcare Organizations \|url=https://www.hhs.gov/sites/default/files/accellion-analyst-note.pdf \|url-status=live \|access-date=26 March 2026 \|website=hhs.gov}}</ref>, allowing for SQL injection into Accellion systems. On 16 December, Accellion became aware of the vulnerability after a customer reported the vulnerability, and shorty after releasing a patch within 72 hours on 20 and 23 of December 2020.<ref name=":1">{{Cite web \|last=Neill \|first=Rob \|date=3 March 2021 \|title=Accellion hack: timeline clarifies when and how customers were notified \|url=https://www.arnnet.com.au/article/1261917/accellion-hack-timeline-clarifies-when-and-how-customers-were-notified.html \|url-status=live \|access-date=26 March 2026 \|website=ARN}}</ref> On 12 January, the company released a statement announcing the attack and urging customers to update to their newely released communication platform kiteworks.<ref>{{Cite web \|date=12 January 2021 \|title=Press Release Accellion Responds to Recent FTA Security Incident \|url=https://www.kiteworks.com/company/press-releases/accellion-responds-to-recent-fta-security-incident/ \|url-status=live \|archive-url=https://web.archive.org/web/20260118203606/https://www.kiteworks.com/company/press-releases/accellion-responds-to-recent-fta-security-incident/ \|archive-date=18 January 2026 \|access-date=26 March 2026 \|website=Kiteworks}}</ref> On 20 January, hackers conducted more attacks after finding new vulnerabilities that included 2 more [[wikipedia:Zero-day_vulnerability\|zero-day-vulnerabilities]]<ref name=":2">{{Cite web \|date=1 March 2021 \|title=ACCELLION, INC. FILE TRANSFER APPLIANCE (FTA) SECURITY ASSESSMENT \|url=https://kiteworks.com/sites/default/files/trust-center/accellion-fta-attack-mandiant-report-full.pdf \|url-status=live \|archive-url=https://web.archive.org/web/20211128204658/https://kiteworks.com/sites/default/files/trust-center/accellion-fta-attack-mandiant-report-full.pdf \|archive-date=28 November 2021 \|access-date=27 March 2026 \|website=Kiteworks}}</ref>, however after the vulnerability were noticed by Accellion customer service on 22 January, they were shortly patched three days later.<ref name=":0" /><ref name=":1" />Around late January, victims started receiving ransom emails that threatens to publish the stolen data. If the victim didn't respond, they would receive several more warnings messages urging the victim to respond.<ref>{{Cite web \|last=Ilascu \|first=Ionut \|date=22 February 2021 \|title=Global Accellion data breaches linked to Clop ransomware gang \|url=https://www.bleepingcomputer.com/news/security/global-accellion-data-breaches-linked-to-clop-ransomware-gang/ \|url-status=live \|access-date=27 March 2026 \|website=BleepingComputer}}</ref> The company would implement another patch on 28 January that enhanced the security of the 23 December patch. On 01 February, Accellion released an statement detailing the attack and adding no new vulnerabilities were detect at the time.<ref>{{Cite web \|date=1 February 2021 \|title=Press Release Accellion Provides Update to Recent FTA Security Incident \|url=https://www.accellion.com/company/press-releases/accellion-provides-update-to-recent-fta-security-incident/ \|url-status=live \|archive-url=https://web.archive.org/web/20210202020120/https://www.accellion.com/company/press-releases/accellion-provides-update-to-recent-fta-security-incident/ \|archive-date=2 February 2021 \|access-date=26 March 2026 \|website=Accellion}}</ref> A last patch was implemented on 01 March in collaboration with [[wikipedia:Mandiant\|Mandiant]] (subsidiary to [[Google]]) that fixed two additional vulnerabilities.<ref name=":2" /> Accellion would announce termination of its 20 year legacy [[wikipedia:File_transfer\|File Transfer Appliance]], giving customers till 30 April to make any changes to their licensing agreements.<ref>{{Cite web \|date=27 March 2026 \|title=Accellion \|url=https://kiteworks.com/sites/default/files/resources/fta-eol.pdf \|url-status=live \|archive-url=https://web.archive.org/web/20220125042927/https://kiteworks.com/sites/default/files/resources/fta-eol.pdf \|archive-date=25 January 2022 \|access-date=27 March 2026 \|website=Kiteworks}}</ref>[[File:~~Hacker~~ group ransom demand message.png\|alt=Hackers ~~Ransom Demand Message\|thumb~~\|Hackers ~~Ransom Demand Message~~ ]]		Around Mid December, FIN11 targeted Accellion 20 year legacy {{Wplink\|File transfer\|File Transfer Appliance}} (FTA), deploying two {{Wplink\|Zero-day vulnerability\|zero-day-vulnerabilities}} that granted access to installation of a custom [[wikipedia:Web_shell\|web shell]] named DEWMODE<ref>{{Cite web \|date=23 February 2021 \|title=Accellion Compromise Impacts Many Targets Including Healthcare Organizations \|url=https://www.hhs.gov/sites/default/files/accellion-analyst-note.pdf \|url-status=live \|access-date=26 March 2026 \|website=hhs.gov}}</ref>, allowing for SQL injection into Accellion systems. On 16 December, Accellion became aware of the vulnerability after a customer reported the vulnerability, and shorty after releasing a patch within 72 hours on 20 and 23 of December 2020.<ref name=":1">{{Cite web \|last=Neill \|first=Rob \|date=3 March 2021 \|title=Accellion hack: timeline clarifies when and how customers were notified \|url=https://www.arnnet.com.au/article/1261917/accellion-hack-timeline-clarifies-when-and-how-customers-were-notified.html \|url-status=live \|access-date=26 March 2026 \|website=ARN}}</ref> On 12 January, the company released a statement announcing the attack and urging customers to update to their newely released communication platform kiteworks.<ref>{{Cite web \|date=12 January 2021 \|title=Press Release Accellion Responds to Recent FTA Security Incident \|url=https://www.kiteworks.com/company/press-releases/accellion-responds-to-recent-fta-security-incident/ \|url-status=live \|archive-url=https://web.archive.org/web/20260118203606/https://www.kiteworks.com/company/press-releases/accellion-responds-to-recent-fta-security-incident/ \|archive-date=18 January 2026 \|access-date=26 March 2026 \|website=Kiteworks}}</ref> On 20 January, hackers conducted more attacks after finding new vulnerabilities that included 2 more [[wikipedia:Zero-day_vulnerability\|zero-day-vulnerabilities]]<ref name=":2">{{Cite web \|date=1 March 2021 \|title=ACCELLION, INC. FILE TRANSFER APPLIANCE (FTA) SECURITY ASSESSMENT \|url=https://kiteworks.com/sites/default/files/trust-center/accellion-fta-attack-mandiant-report-full.pdf \|url-status=live \|archive-url=https://web.archive.org/web/20211128204658/https://kiteworks.com/sites/default/files/trust-center/accellion-fta-attack-mandiant-report-full.pdf \|archive-date=28 November 2021 \|access-date=27 March 2026 \|website=Kiteworks}}</ref>, however after the vulnerability were noticed by Accellion customer service on 22 January, they were shortly patched three days later.<ref name=":0" /><ref name=":1" />Around late January, victims started receiving ransom emails that threatens to publish the stolen data. If the victim didn't respond, they would receive several more warnings messages urging the victim to respond.<ref>{{Cite web \|last=Ilascu \|first=Ionut \|date=22 February 2021 \|title=Global Accellion data breaches linked to Clop ransomware gang \|url=https://www.bleepingcomputer.com/news/security/global-accellion-data-breaches-linked-to-clop-ransomware-gang/ \|url-status=live \|access-date=27 March 2026 \|website=BleepingComputer}}</ref> The company would implement another patch on 28 January that enhanced the security of the 23 December patch. On 01 February, Accellion released an statement detailing the attack and adding no new vulnerabilities were detect at the time.<ref>{{Cite web \|date=1 February 2021 \|title=Press Release Accellion Provides Update to Recent FTA Security Incident \|url=https://www.accellion.com/company/press-releases/accellion-provides-update-to-recent-fta-security-incident/ \|url-status=live \|archive-url=https://web.archive.org/web/20210202020120/https://www.accellion.com/company/press-releases/accellion-provides-update-to-recent-fta-security-incident/ \|archive-date=2 February 2021 \|access-date=26 March 2026 \|website=Accellion}}</ref> A last patch was implemented on 01 March in collaboration with [[wikipedia:Mandiant\|Mandiant]] (subsidiary to [[Google]]) that fixed two additional vulnerabilities.<ref name=":2" /> Accellion would announce termination of its 20 year legacy [[wikipedia:File_transfer\|File Transfer Appliance]], giving customers till 30 April to make any changes to their licensing agreements.<ref>{{Cite web \|date=27 March 2026 \|title=Accellion \|url=https://kiteworks.com/sites/default/files/resources/fta-eol.pdf \|url-status=live \|archive-url=https://web.archive.org/web/20220125042927/https://kiteworks.com/sites/default/files/resources/fta-eol.pdf \|archive-date=25 January 2022 \|access-date=27 March 2026 \|website=Kiteworks}}</ref>
	[[File:~~Hacker~~ group last warning message.png\|thumb\|Hacker group last warning message]]		[[File:Accellion breach hacker group ransom demand message.png\|thumb\|alt=Hackers' ransom demand message.\|Hackers' ransom demand message.]]
			[[File:Accellion breach hacker group last warning message.png\|thumb\|alt=Hacker group's last warning message.\|Hacker group's last warning message.]]

	==List of responses from affected organizations<!-- This contains only companies having any resemblance to consumers -->==		==List of responses from affected organizations<!-- This contains only companies having any resemblance to consumers -->==

Sojourna: Sojourna moved page Accellion Data Breach to Accellion data breach: Misspelled title: Not in sentence case

2026-04-01T01:45:56Z

Sojourna moved page Accellion Data Breach to Accellion data breach: Misspelled title: Not in sentence case

← Older revision	Revision as of 01:45, 1 April 2026
(No difference)

Keith: removed the stub notice as the article is filling out well. replaced it with a cleanup notice since it needs a grammar/english pass

2026-03-30T09:47:18Z

removed the stub notice as the article is filling out well. replaced it with a cleanup notice since it needs a grammar/english pass

← Older revision		Revision as of 09:47, 30 March 2026
Line 1:		Line 1:
	{{~~StubNotice~~}}{{IncidentCargo		{{Cleanup}}{{IncidentCargo
	\|Company=Accellion, Kroger, Shell, Trillium, Qualys, Singtel, CSX		\|Company=Accellion, Kroger, Shell, Trillium, Qualys, Singtel, CSX
	\|StartDate=2020-12		\|StartDate=2020-12
Line 5:		Line 5:
	\|Status=Resolved		\|Status=Resolved
	\|Type=Security		\|Type=Security
	\|Description=A security breach affecting over 25 companies, medical institutions and schools~~, resulting in over 200 customers~~.		\|Description=A security breach affecting over 25 companies, medical institutions and schools.
	}}Around Mid December in 2020, several hacker group going by the names FIN11, UNC2546, and CLOP, infiltrated [[wikipedia:Kiteworks\|Accellion]] systems using [[wikipedia:SQL_injection\|SQL injection,]] affecting organizations delving to various aspects of education, medicine, and finance, leaking over 9 million customers and employees personal information.<ref name=":0">{{Cite web \|last=Burgess \|first=Monica \|date=31 October 2025 \|title=Accellion Data Breach \|url=https://www.huntress.com/threat-library/data-breach/accellion-data-breach \|url-status=live \|access-date=25 March 2026 \|website=Huntress}}</ref> This later turn into a lawsuit that reached a $8.1 million settlement on 20 January 2022.		}}Around Mid December in 2020, several hacker group going by the names FIN11, UNC2546, and CLOP, infiltrated [[wikipedia:Kiteworks\|Accellion]] systems using [[wikipedia:SQL_injection\|SQL injection,]] affecting organizations delving to various aspects of education, medicine, and finance, leaking over 9 million customers and employees personal information.<ref name=":0">{{Cite web \|last=Burgess \|first=Monica \|date=31 October 2025 \|title=Accellion Data Breach \|url=https://www.huntress.com/threat-library/data-breach/accellion-data-breach \|url-status=live \|access-date=25 March 2026 \|website=Huntress}}</ref> This later turn into a lawsuit that reached a $8.1 million settlement on 20 January 2022.