The Russian hacker group Clop is responsible for the cyber attack on Landal GreenParks, which took place earlier this month. The hackers demanded a ransom from the operator, but he refused to pay. Therefore, the captured information has been placed on the dark web.
This is evident from research by RTL News, which has viewed and verified the data.
Landal warns guests about data leaks
At the beginning of this month, Landal GreenParks was the victim of a cyber attack. Hackers managed to steal the personal data of around 12,000 guests. They managed to penetrate Landal’s internal systems through a vulnerability in MOVEit Transfer, an application for exchanging files with other parties. Both developer Progress and the National Cyber Security Center (NCSC) advised implementing the security patch as soon as possible.
Landal GreenParks could not say with certainty at that time whether and what data had been stolen. A spokesperson did know that the perpetrators had stolen no passwords, financial data and reservation information. The holiday company advised holidaymakers to be extra alert for fraudulent practices such as phishing and helpdesk fraud in the coming period.
Clop: ‘This company doesn’t care about its customers
We now know what is behind the attack on Landal GreenParks. The Russian hacker group Clop is responsible for this. The group demanded a ransom from the holiday park. If not, she threatened to make all captured data public. And that’s exactly what they’ve done.
RTL Nieuws found five zip files on Clop’s page on the dark web. This can be downloaded to view the stolen data. The news channel has seen and verified part of the information. This includes names, residential addresses, dates of birth, e-mail addresses and reservation information.
“This company doesn’t care about its customers, it ignores their safety,” Clop wrote in a post on the dark web.
Vulnerability in MOVEit Transfer causes many victims
In a response, Landal GreenParks regrets the cyber attack. “The incident has now been resolved and reported to the Dutch Data Protection Authority as a possible data breach,” a spokesperson told RTL Nieuws. The server on which the data was stored has been rebuilt and secured.
Landal GreenParks is not the only victim of the vulnerability in MOVEit Transfer. Airline companies British Airways and Aer Lingus, pharmacy chain Boots, the British broadcaster BBC, the government of the Canadian province of Nova Scotia, the British payroll company Zellis and the University of Rochester have confirmed in recent days that hackers have attacked them. Shell also confirmed that hackers had exploited the exploit in MOVEit Transfer to infiltrate the company’s systems. New names of victims are added almost every week.