{
	"id": "8b270a2b-a470-4172-be51-392deccd4892",
	"created_at": "2026-04-06T00:17:23.584165Z",
	"updated_at": "2026-04-10T03:20:50.573641Z",
	"deleted_at": null,
	"sha1_hash": "2e83b09e268b75fda3b6bb706348c0e5b847c89f",
	"title": "City of Toronto confirms data theft, Clop claims responsibility",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 927600,
	"plain_text": "City of Toronto confirms data theft, Clop claims responsibility\r\nBy Ax Sharma\r\nPublished: 2023-03-23 · Archived: 2026-04-05 12:56:47 UTC\r\nCity of Toronto is among Clop ransomware gang's latest victims hit in the ongoing GoAnywhere hacking spree.\r\nOther victims listed alongside the Toronto city government include UK's Virgin Red and the statutory corporation, Pension\r\nProtection Fund.\r\nBy exploiting a remote code execution flaw in Fortra's GoAnywhere secure file transfer tool, Clop claims it has managed to\r\nbreach more than 130 organizations thus far.\r\nhttps://www.bleepingcomputer.com/news/security/city-of-toronto-confirms-data-theft-clop-claims-responsibility/\r\nPage 1 of 5\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/city-of-toronto-confirms-data-theft-clop-claims-responsibility/\r\nPage 2 of 5\n\nVisit Advertiser websiteGO TO PAGE\r\nCity of Toronto confirms data theft\r\nThe Clop ransomware gang has hit City of Toronto in its ongoing attacks targeting organizations using the vulnerable\r\nGoAnywhere file transfer solution.\r\nClop ransomware gang had listed City of Toronto on its leak website\r\nThe ransomware group had earlier listed the victim on its data leak dark web site, according to threat intel analyst Dominic\r\nAlvieri, who has been monitoring the development and shared the finding with BleepingComputer.\r\n\"On March 20, the City became aware of potential unauthorized access to City data,\" a City of Toronto spokesperson told\r\nBleepingComputer.\r\n\"Today, the City of Toronto has confirmed that unauthorized access to City data did occur through a third party vendor. The\r\naccess is limited to files that were unable to be processed through the third party secure file transfer system.\"\r\nThe spokesperson stated that the City government is actively investigating the details of the identified files.\r\n\"The City of Toronto is committed to protecting the privacy and security of Torontonians whose information is in its care\r\nand control and successfully wards off cyber attacks on a daily basis.\"\r\n\"The City is still in the early stages of determining the impact of the unauthorized access to City data. If the City's\r\ninvestigation determines that resident data has been compromised, the City will notify and communicate with any\r\nindividuals whose information may have been compromised.\"\r\nToronto is among Clop's growing list of victims impacted by vulnerable instances of a Fortra (formerly HelpSystems)\r\nprogram called GoAnywhere.\r\nThe flaw, now tracked as CVE-2023-0669, enables attackers to gain remote code execution on unpatched GoAnywhere\r\nMFT instances with their administrative console exposed to Internet access.\r\nFortra had previously disclosed to its customers that the vulnerability had been exploited as a zero-day in the wild and urged\r\ncustomers to patch their systems.\r\nIn February, Clop reached out to BleepingComputer and claimed it had breached 130+ organizations and stolen their data\r\nover the course of ten days by exploiting this particular vulnerability on enterprise servers. And since then, the list of victims\r\ncontinues to grow on a daily basis.\r\nhttps://www.bleepingcomputer.com/news/security/city-of-toronto-confirms-data-theft-clop-claims-responsibility/\r\nPage 3 of 5\n\nThis month, Hitachi Energy, Saks Fifth Avenue, as well as cybersecurity company, Rubrik disclosed impact from Clop\r\nresulting from the same zero-day.\r\nClop hits UK's Virgin Red, govt pension fund\r\nClop's victims from this week also include UK's Virgin Red, Virgin Group's rewards club that lets customers earn and spend\r\npoints across Virgin businesses, such as Virgin Atlantic, and other partner organizations.\r\nClop ransomware claims attacking Virgin UK\r\nWhile Clop lists the victim as \"Virgin,\" a spokesperson told BleepingComputer that the breach only affected Virgin Red.\r\n\"We were recently contacted by a ransomware group, calling themselves Cl0p, who illegally obtained some Virgin Red files\r\nvia a cyber-attack on our supplier, GoAnywhere,\" a Virgin spokesperson told BleepingComputer.\r\n\"The files in question pose no risk to customers or employees as they contain no personal data.\"\r\nAnother organization to confirm an impact from the file transfer software vendor is UK's Pension Protection Fund (PPF), a\r\nstatutory public corporation that is accountable to the UK Parliament through the Secretary of State for the Department for\r\nWork and Pensions.\r\nIn PPF's case, the ransomware and extortion group has managed to get its hands on employee data.\r\n\"Regrettably some of our current and former employees have been affected by the potential breach,\" announced the\r\norganization in a statement.\r\n\"We have already advised all of those affected of the situation and offered our support and additional monitoring services to\r\nhelp them.\"\r\nPPF has stopped using GoAnywhere since and continues to work closely with Fortra, its security partners and the law\r\nenforcement agencies as a part of investigatory activities.\r\n\"Understanding what data may have been compromised and contacting anyone potentially affected has been our top priority.\r\nWe can reassure our current members and levy payers that none of their data has been involved in the breach.\"\r\n\"We would stress that our own systems have not been compromised and we remain vigilant, working to the very highest\r\ninformation security standards and certifications...\"\r\nhttps://www.bleepingcomputer.com/news/security/city-of-toronto-confirms-data-theft-clop-claims-responsibility/\r\nPage 4 of 5\n\nOrganizations using the vulnerable GoAnywhere secure file transfer solution should patch their systems as soon as possible\r\nto safeguard themselves from such cyber attacks.\r\nUpdate, March 24th, 2023 03:15 AM ET: Added an additional answer from City of Toronto. Clarified wording concerning\r\nvulnerable Fortra GoAnywhere instances.\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/city-of-toronto-confirms-data-theft-clop-claims-responsibility/\r\nhttps://www.bleepingcomputer.com/news/security/city-of-toronto-confirms-data-theft-clop-claims-responsibility/\r\nPage 5 of 5",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/city-of-toronto-confirms-data-theft-clop-claims-responsibility/"
	],
	"report_names": [
		"city-of-toronto-confirms-data-theft-clop-claims-responsibility"
	],
	"threat_actors": [],
	"ts_created_at": 1775434643,
	"ts_updated_at": 1775791250,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/2e83b09e268b75fda3b6bb706348c0e5b847c89f.pdf",
		"text": "https://archive.orkl.eu/2e83b09e268b75fda3b6bb706348c0e5b847c89f.txt",
		"img": "https://archive.orkl.eu/2e83b09e268b75fda3b6bb706348c0e5b847c89f.jpg"
	}
}