Skip to content

MoveIt hack: 6,32,000 emails from the US DOJ and DOD leaked

  • by
  • 2 min read

A significant data breach comprising the emails of more than 6,32,000 employees from the United States Department of Justice and Defense happened earlier this year as part of the MOVEit hack.

The breach occurred on May 28 and May 29 and was characterised by the Office of Personnel Management as a “major incident”. However, the OPM believed the data was not classified and had low sensitivity.

The massive data breach stemmed from exploiting vulnerabilities within the file transfer software MOVEit, a platform utilised by several government agencies.

The breach extends its impact beyond government institutions, with private companies and other government entities also falling victim to cyberattacks. Notable victims include Shell, the BBC, British Airways, Johns Hopkins University, the University of Georgia and the Energy Department.

MOVEit breach is one of the biggest breaches of 2023.

A malicious actor group from Russia, CLoP, has been credited for this massive breach.

As per Politico, roughly a dozen U.S. agencies maintain contracts with MOVEit, making them potential targets.

First reported by Bloomberg, the accessed emails were part of the surveys administered by these departments and internal agency tracking codes. These data sets are then transferred to Westat, a data firm that the Office of Personnel Management uses to administer employee surveys. Westat used MOVEit to transfer files, and the hackers accessed the emails via the MOVEit hack.

The impacted list of employees includes officials from the US Air Force, Army, Army Corps of Engineers, the Office of Secretary of Defense and the Joint Staff.

Currently, the Department of Justice and the Department of Defense have declined to comment on the matter.

MOVEit data breach has been among one of the biggest data breaches impacting various organisations, both government and private. The breach claimed more than a thousand organisations and affected more than 60 million individuals.

In the News: $4.4 million stolen crypto linked to LastPass’ 2022 breach

Kumar Hemant

Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: