A massive data breach has exposed sensitive information of over 760,000 employees from several prominent corporations, including Xerox, Nokia, Bank of America, Morgan Stanley, and Koch Industries.
The breach became public on Monday when an entity known as "Nam3L3ss" began releasing employee data on cybercrime forums. The leaked information contains names, phone numbers, email addresses, workplace locations, employee badge details, job titles, and usernames of workers from multiple organizations.
The scope of affected employees includes:
- Bank of America: 288,297 employees
- Koch Industries: 237,487 employees
- Nokia: 94,253 employees
- JLL: 62,349 employees
- Xerox: 42,735 employees
- Morgan Stanley: 32,861 employees
- Bridgewater: 2,141 employees
Security experts have confirmed the authenticity of the leaked data. The breach appears connected to earlier attacks targeting MOVEit, a file transfer software tool that was compromised in May 2023 by the Russia-linked Cl0p ransomware group.
"This data is a goldmine for social engineering," notes Zack Ganot from Atlas Privacy. The exposed information could enable malicious actors to conduct targeted attacks by leveraging detailed organizational knowledge about employees and their roles.
None of the affected companies have publicly commented on the incident. This breach follows a similar leak last month when Nam3L3ss released data belonging to Amazon employees, suggesting an ongoing campaign to expose corporate information obtained through the MOVEit vulnerability.