Gen Digital, the multinational software company that owns CCleaner, has confirmed a data breach that occurred in May, impacting personal information of its paid customers.
In an email sent to affected customers, Gen Digital revealed that hackers exploited a vulnerability in the MOVEit file transfer tool, widely used by organizations, including CCleaner, to transfer large sets of sensitive data online.
The breach exposed names, contact information, and details about the purchased products of affected customers.
Gen Digital confirmed that customer phone numbers, email addresses, and billing addresses were compromised.
While less than 2% of users were affected, the company did not disclose the exact number of impacted users. CCleaner, a popular optimization app, is utilized by millions of users globally.
The data breach was part of a larger wave of hacking incidents targeting MOVEit file transfer tools that began in May.
This widespread attack, considered one of the largest of the year, allowed the notorious Clop ransomware to steal sensitive data from thousands of organizations. Researchers estimate that over 2,500 organizations have confirmed MOVEit-related data breaches, affecting at least 66 million individuals.
The actual number of affected people is likely higher than reported. The reason for the delay in disclosing the incident to affected customers remains unclear.
