{
	"id": "05ecedac-a79e-49f5-8feb-05aa4f1e9da7",
	"created_at": "2026-04-06T00:19:19.964161Z",
	"updated_at": "2026-04-10T03:20:26.560263Z",
	"deleted_at": null,
	"sha1_hash": "257bea4ff6cf16bb40b1e29b64a2de6b399fdd0d",
	"title": "Radisson Hotels, major insurance firms become latest MOVEit victims to disclose breaches",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 75341,
	"plain_text": "Radisson Hotels, major insurance firms become latest MOVEit\r\nvictims to disclose breaches\r\nBy Jonathan Greig\r\nPublished: 2023-07-11 · Archived: 2026-04-05 19:48:43 UTC\r\nThe number of organizations affected by a recently exploited vulnerability in a popular file transfer tool surpassed\r\n250 on Monday as major corporations like Radisson Hotels and two major insurance companies confirmed that\r\ntheir data was accessed by hackers exploiting a vulnerability in the software.\r\nChoice Hotels – the company that purchased global hotel chain Radisson Hotels last year – confirmed to Recorded\r\nFuture News that guest records were involved in the data breach.\r\n“Unfortunately, we have confirmed that MOVEit software, from our vendor, had a vulnerability that was exploited\r\nby bad actors, resulting in data breaches affecting many of their customers including Radisson Hotels Americas,”\r\na spokesperson said.\r\n“While our investigation is still ongoing, we have identified a limited number of guest records that were accessed\r\nby these bad actors. In an abundance of caution, we are in the process of notifying the affected guests.”\r\nThe hotel chain did not say how many guests have been identified so far. It operates more than 1,700 properties in\r\n120 countries.\r\nThe Choice Hotels spokesperson said they are dedicating “significant resources” to monitoring the cyber\r\nlandscape in light of the incident and are coordinating with regulators about the incident.\r\nAmerican National Insurance Company, one of the biggest in the U.S., also confirmed that Progress Software is\r\none of its vendors and that an investigation has been started into what data may have been accessed by the Clop\r\nransomware group – which has been the primary gang of hackers exploiting the MOVEit vulnerability and\r\nextorting victims.\r\n“On July 7, 2023, we became aware that American National’s name has been listed on a website outside the\r\nconfines of the public Internet. We are working as thoroughly and expeditiously as possible to validate and review\r\nany data that may have been impacted to determine if any individuals’ or organizations’ information was\r\ninvolved,” the company told Recorded Future News.\r\n“If we determine that an individual’s sensitive data was involved, we will provide notification to the individual\r\nalong with resources to help protect their information.”\r\nSun Life, one of Canada’s largest insurance providers, said on Saturday that data belonging to some of its U.S.\r\ncustomers was compromised after one of its vendors — Pension Benefit Information (PBI) — had a server\r\n“accessed by an unauthorized third party as part of the global attack.”\r\nhttps://therecord.media/radisson-hotels-major-insurance-firms-disclose-moveit-incidents\r\nPage 1 of 3\n\nThere has been a steady stream of announcements from dozens of the biggest schools, banks and companies in the\r\nworld confirming their exposure to the MOVEit issue – the third file transfer vulnerability exploited by the Clop\r\nransomware group in the last two years.\r\nOver the last week, TD Ameritrade, law firms Kirkland \u0026 Ellis, Proskauer Rose and K\u0026L Gates have come\r\nforward to confirm that they were affected.\r\nEmsisoft ransomware expert Brett Callow, who has kept a running tally of victims, said the number has now\r\nreached 254, with the information of at least 17.7 million people exposed.\r\nMany of the victims are coming from governments or universities – most of which are involved in the incident\r\ndue to their connection to PBI Research Services, the National Student Clearinghouse (NSC) or the Teachers\r\nInsurance and Annuity Association of America (TIAA).\r\nOfficials from the University of Illinois told Recorded Future News that they are communicating with students,\r\nfaculty and staff about the incident after discovering information from their school was involved.\r\n“We don’t know how many students’ data was compromised at the National Student Clearinghouse. NSC notified\r\nthe numerous higher education institutions that use NSC in early June that it was impacted by the MOVEit breach\r\nand that it was investigating,” the school said.\r\n“On June 26 the U of I System was notified by NSC that some of our students’ data was possibly part of that\r\nbreach, but NSC did not provide details on which students might be affected or what data was breached. We\r\nnotified all students on July 3 that the personal data of some of our students was accessed, but we do not know\r\nwhich students. NSC has said it is continuing to investigate and will send notices directly to anyone whose data\r\nwas accessed.”\r\nThe University of Louisville also explained to Recorded Future News that a small number of its UofL Health\r\nmedical practices used MOVEit to transfer files to third party vendors.\r\nThe school is now working with forensic security consultants to determine what information was accessed by the\r\nhackers. The University of Utah released a similar message to its students last Friday.\r\nThe federal government warned on Friday that three new vulnerabilities have been discovered in the MOVEit file\r\ntransfer software – the fourth, fifth and sixth problems found in the software since the fiasco began at the end of\r\nMay.\r\nGet more insights with the\r\nRecorded Future\r\nIntelligence Cloud.\r\nLearn more.\r\nhttps://therecord.media/radisson-hotels-major-insurance-firms-disclose-moveit-incidents\r\nPage 2 of 3\n\nNo previous article\r\nNo new articles\r\nJonathan Greig\r\nis a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since\r\n2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia.\r\nHe previously covered cybersecurity at ZDNet and TechRepublic.\r\nSource: https://therecord.media/radisson-hotels-major-insurance-firms-disclose-moveit-incidents\r\nhttps://therecord.media/radisson-hotels-major-insurance-firms-disclose-moveit-incidents\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://therecord.media/radisson-hotels-major-insurance-firms-disclose-moveit-incidents"
	],
	"report_names": [
		"radisson-hotels-major-insurance-firms-disclose-moveit-incidents"
	],
	"threat_actors": [],
	"ts_created_at": 1775434759,
	"ts_updated_at": 1775791226,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/257bea4ff6cf16bb40b1e29b64a2de6b399fdd0d.pdf",
		"text": "https://archive.orkl.eu/257bea4ff6cf16bb40b1e29b64a2de6b399fdd0d.txt",
		"img": "https://archive.orkl.eu/257bea4ff6cf16bb40b1e29b64a2de6b399fdd0d.jpg"
	}
}