Vulnerabilities found in December lead to data breach

Jul 9, 2021 14:52 GMT

Cybercriminals exploited a series of vulnerabilities in Accellion FTA, a third-party file transfer service widely used in enterprises as an alternative to email attachments. The large-scale attack led to a data breach at Morgan Stanley that exposed sensitive personal information, according to Ars Technica.

Morgan Stanley is one of the collateral victims of the Accellion FTA attack. A variety of data was stolen, including social security numbers, birth dates, addresses, names, and the names of affiliated companies. Guidehouse, a third-party service provider used by Morgan Stanley, was in possession of the information and, shockingly enough, its staff went radio silent.

Morgan Stanley representatives stated, “The protection of client data is of the utmost importance and is something we take very seriously. We are in close contact with Guidehouse and are taking steps to mitigate potential risks to clients.”

Accellion took nearly two weeks to notify affected users of the security threats

When choosing between email and the File Transfer Appliance (FTA), Accellion customers prefer the latter as a reliable alternative for transmitting large files. Instead of attachments, email recipients receive links to files hosted on the FTA, which can then be downloaded. Despite being nearly 20 years old, the legacy FTA is still widely used by insurance institutions, finance, and even the government.

Exploitation of the FTA vulnerabilities was first discovered in December 2020. The company claims to have notified all affected customers and fixed the vulnerabilities within 72 hours of becoming aware of them. However, independent sources found that it took the company two weeks to send out notifications and fix the vulnerabilities.

To make matters worse, information security firm Mandiant identified two more zero-day vulnerabilities in the months that followed. This is nothing new, as customers had previously reported dissatisfaction with Accellion's response time in alerting them to risks to their systems.