{
	"id": "c23ab310-10c3-41bd-9fe3-c543192f3370",
	"created_at": "2026-04-06T00:22:16.293788Z",
	"updated_at": "2026-04-10T13:11:53.971103Z",
	"deleted_at": null,
	"sha1_hash": "6eebfd5733c95fe3e243fc428f985b4c74d207dd",
	"title": "Procter \u0026 Gamble confirms data theft via GoAnywhere zero-day",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 898293,
	"plain_text": "Procter \u0026 Gamble confirms data theft via GoAnywhere zero-day\r\nBy Sergiu Gatlan\r\nPublished: 2023-03-24 · Archived: 2026-04-05 12:54:08 UTC\r\nConsumer goods giant Procter \u0026 Gamble has confirmed a data breach affecting an undisclosed number of employees after\r\nits GoAnywhere MFT secure file-sharing platform was compromised in early February.\r\nWhile the company didn't say who was behind the security breach, this is part of an ongoing spree of extortion demands\r\nlinked to the Clop ransomware gang's attacks targeting Fortra GoAnywhere secure storage servers worldwide.\r\nAccording to Procter \u0026 Gamble, the attackers didn't gain access to employees' financial or social security information,\r\nalthough they did manage to steal some of their data.\r\nhttps://www.bleepingcomputer.com/news/security/procter-and-gamble-confirms-data-theft-via-goanywhere-zero-day/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/procter-and-gamble-confirms-data-theft-via-goanywhere-zero-day/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\n\"P\u0026G can confirm that it was one of the many companies affected by Fortra's GoAnywhere incident. As part of this\r\nincident, an unauthorized third party obtained some information about P\u0026G employees,\" Procter \u0026 Gamble told\r\nBleepingComputer.\r\n\"The data that was obtained by the unauthorized party did not include information such as Social Security numbers or\r\nnational identification numbers, credit card details, or bank account information.\"\r\nP\u0026G says it has no evidence that this data breach impacted customer data and that it stopped using Fortra's GoAnywhere\r\nsecure file-sharing services after discovering the incident.\r\n\"When we learned of this incident in early February, we promptly investigated the nature and scope of the issue, disabled\r\n[the] use of the vendor's services, and notified employees,\" the company added.\r\n\"At this time, there is no indication that customer data was affected by this issue. Our business operations are continuing as\r\nnormal.\"\r\nClop claims it stole files from over 130 organizations\r\nThe Clop ransomware gang previously told Bleeping Computer that it exploited the CVE-2023-0669 GoAnywhere\r\nvulnerability as a zero-day to breach and steal data from the secure storage servers of more than 130 organizations.\r\nThey allegedly stole the data over ten days after breaching Internet-exposed servers vulnerable to exploits targeting this bug.\r\nThe threat actors also claimed they only stole the documents stored on the victims' compromised file-sharing platforms,\r\nalthough they could've also easily moved laterally through their networks to deploy ransomware payloads.\r\nClop began publicly extorting the GoAnywhere attacks' victims on March 10 when it added seven companies to its data leak\r\nsite.\r\nSo far, the list of victims who came forward to acknowledge GoAnywhere breaches and that Clop is extorting them also\r\nincludes healthcare giant Community Health Systems (CHS), fintech platform Hatch Bank, cybersecurity firm Rubrik,\r\nHitachi Energy, luxury brand retailer Saks Fifth Avenue, and the City of Toronto, Canada.\r\nIn ransom notes sent to the victims and seen by BleepingComputer, the ransomware gang introduces themselves as the\r\n\"Clop hacker group,\" warning victims that they'd stolen sensitive documents, which would be published online on Clop's\r\nleak site and sold on the black market if the victims were unwilling to negotiate.\r\n\"We want to inform you that we have stolen important information from your GoAnywhere MFT resource and have attached\r\na full list of files as evidence,\" the ransom notes read.\r\n\"We deliberately did not disclose your organization and wanted to negotiate with you and your leadership first. If you ignore\r\nus, we will sell your information on the black market and publish it on our blog, which receives 30-50 thousand unique\r\nvisitors per day.\"\r\nAlso behind the 2020 Accellion breaches\r\nThe ransomware gang's alleged use of a GoAnywhere MFT zero-day to steal sensitive files from victims' secure sharing\r\nservers is very similar to using an Accellion FTA zero-day vulnerability to steal the data of roughly 100 companies in\r\nDecember 2020.\r\nIn the Accellion attacks, Clop stole massive amounts of data and demanded $10 million ransoms from high-profile\r\ncompanies such as energy giant Shell, cybersecurity firm Qualys, supermarket giant Kroger, and universities worldwide\r\n(e.g., Stanford Medicine, University of Colorado, and the University of California).\r\nThe Clop gang has also been linked to ransomware attacks since at least 2019, encrypting and stealing files from the servers\r\nof a long string of victims, including Software AG IT, Maastricht University, ExecuPharm, and Indiabulls.\r\nhttps://www.bleepingcomputer.com/news/security/procter-and-gamble-confirms-data-theft-via-goanywhere-zero-day/\r\nPage 3 of 4\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/procter-and-gamble-confirms-data-theft-via-goanywhere-zero-day/\r\nhttps://www.bleepingcomputer.com/news/security/procter-and-gamble-confirms-data-theft-via-goanywhere-zero-day/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/procter-and-gamble-confirms-data-theft-via-goanywhere-zero-day/"
	],
	"report_names": [
		"procter-and-gamble-confirms-data-theft-via-goanywhere-zero-day"
	],
	"threat_actors": [],
	"ts_created_at": 1775434936,
	"ts_updated_at": 1775826713,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/6eebfd5733c95fe3e243fc428f985b4c74d207dd.pdf",
		"text": "https://archive.orkl.eu/6eebfd5733c95fe3e243fc428f985b4c74d207dd.txt",
		"img": "https://archive.orkl.eu/6eebfd5733c95fe3e243fc428f985b4c74d207dd.jpg"
	}
}