One of Canada’s biggest asset management companies is the latest victim of the hack of Forta’s GoAnywhere MFT managed file transfer platform.
A spokesperson for Onex Corp. this morning confirmed that an unspecified amount of company data was exposed in the compromise of GoAnywhere MFT
“This wasn’t a direct breach of Onex’s systems,” emphasized the spokesperson, a senior official who spoke on condition that they not be identified. “It was a third-party provider that was impacted that we have some data [with] that has been affected. We are dealing with our clients appropriately.”
The spokesperson then confirmed the impacted data was through GoAnywhere MFT. The confirmation came after the Clop ransomware group listed Onex on its data leak site.
The spokesperson wouldn’t say when Onex learned its data was compromised, nor the type of data, nor how much data, other than to say the breach was “fairly contained.” Nor would they say if Onex has been contacted by the attacker.
Onex has investments in a wide range of companies, including Toronto-based Celestica, one of the world’s biggest electronics manufacturers, Calgary-based airline WestJet, and Chatters Canada, a national hair salon chain. Onex has just over $50 billion in assets under management.
According to its just-released financials, the company made $235 million last year.
Other corporate victims of the GoAnywhere MFT compromise include Rubrik, Hatch Bank, and Community Health Systems. All three are headquartered in the U.S.. In a statement Monday, Rubrik said it “detected unauthorized access to a limited amount of information in one of our non-production IT testing environments as a result of the GoAnywhere vulnerability. Importantly, based on our current investigation, being conducted with the assistance of third-party forensics experts, the unauthorized access did not include any data we secure on behalf of our customers via any Rubrik products.”
At this point, it’s unclear how many organizations have been hacked via the GoAnywhere vulnerability, said Brett Callow, a British Columbia-based threat analyst for Emsisoft. Clop has listed and then delisted more than one company, possibly indicating that those companies paid to be removed from the site, he said.
The Clop gang told Bleeping Computer it stole data from over 130 organizations through a zero day vulnerability in GoAnywhere MFT.
Fortra markets GoAnywhere MFT as a secure managed file transfer service that allows organizations to centralize, simplify, and automate data movement. It can be deployed on-premises or in the cloud.