{
	"id": "845469f3-5d3b-4b34-8d3c-a6b6931d89b8",
	"created_at": "2026-04-06T00:14:49.899645Z",
	"updated_at": "2026-04-10T03:22:00.986308Z",
	"deleted_at": null,
	"sha1_hash": "778ac0205b9997e48ca459338839c8206d3563fa",
	"title": "UK Pension Protection Fund latest victim of GoAnywhere hack",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 87806,
	"plain_text": "UK Pension Protection Fund latest victim of GoAnywhere hack\r\nBy Alexander Martin\r\nPublished: 2023-03-24 · Archived: 2026-04-05 19:39:25 UTC\r\nThe U.K. Pension Protection Fund, one of Britain’s largest asset owners, managing £39 billion, has confirmed it\r\nhas been affected by the hack of popular file transfer service GoAnywhere.\r\nA large number of organizations have confirmed in recent days that hackers had accessed their data in connection\r\nto the incident, including the City of Toronto and the British multinational Virgin.\r\nMore than three dozen victims were added to the Clop ransomware group’s leak site on Thursday, all of whom\r\nappear to have been affected by the GoAnywhere hack.\r\nClop originally told Bleeping Computer that it hacked into more than 130 organizations through a vulnerability in\r\nGoAnywhere, which is being tracked as CVE-2023-0669.\r\nThe PPF said that at the time the incident was first disclosed to them, GoAnywhere’s parent company Fortra\r\n“assured us that our data had not been impacted.”\r\nHowever the PPF is now listed on the Clop site alongside the other victims.\r\nIn its statement, the corporation said it “recently became concerned” about a potential incident, “immediately\r\nstopped using Go Anywhere and began an investigation, working closely with Fortra and our security partners.”\r\nA spokesperson told The Record that the PPF had not entered into any negotiations with the criminal group.\r\nIt confirmed that “some of our current and former employees have been affected” adding: “We have already\r\nadvised all of those affected of the situation and offered our support and additional monitoring services to help\r\nthem.”\r\nThe U.K.'s data protection regulator, the Information Commissioner's Office, said the PPF filed a report on the\r\nincident. \"After carefully reviewing the information provided we gave data protection advice and\r\nrecommendations and closed the case with no further action,\" an ICO spokesperson said.\r\nThe PPF was created in 2004 to protect pension scheme members in cases where the funds lose their members’\r\nmoney.\r\nIt is accountable to parliament although it is not publicly funded, instead receiving a levy from the pension\r\nschemes it covers as well as income from its investments.\r\n“We can reassure our current members and levy payers that none of their data has been involved in the breach,”\r\nthe PPF stated.\r\nhttps://therecord.media/uk-pension-protection-fund-clop-goanywhere-fortra\r\nPage 1 of 3\n\nLast week, Japanese tech giant Hitachi and Canadian financier Investissement Québec confirmed to The Record\r\nthat they had suffered hacks related to the Fortra issue after being added to Clop’s list.\r\nRio Tinto, the world's second-largest metals and mining corporation, said it was investigating the issue after also\r\nbeing added to the list.\r\nCloud data management giant Rubrik told The Record it was also hacked, while one of the largest health providers\r\nin the U.S. and Hatch Bank informed regulatory bodies of their own incidents.\r\nLouise Ferrett, threat intelligence analyst at Searchlight Cyber, noted that this is not the first time Clop has “mass-hacked” a number of organizations by exploiting vulnerabilities in third-party software.\r\nIn late 2020 and early 2021 the ransomware group used the same tactic to attack more than 100 organizations with\r\nAccellion's legacy File Transfer Appliance, using a combination of zero-day vulnerabilities and a new web shell.\r\nGet more insights with the\r\nRecorded Future\r\nIntelligence Cloud.\r\nLearn more.\r\nNo previous article\r\nNo new articles\r\nhttps://therecord.media/uk-pension-protection-fund-clop-goanywhere-fortra\r\nPage 2 of 3\n\nAlexander Martin\r\nis the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and a fellow\r\nat the European Cyber Conflict Research Initiative, now Virtual Routes. He can be reached securely using Signal\r\non: AlexanderMartin.79\r\nSource: https://therecord.media/uk-pension-protection-fund-clop-goanywhere-fortra\r\nhttps://therecord.media/uk-pension-protection-fund-clop-goanywhere-fortra\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://therecord.media/uk-pension-protection-fund-clop-goanywhere-fortra"
	],
	"report_names": [
		"uk-pension-protection-fund-clop-goanywhere-fortra"
	],
	"threat_actors": [],
	"ts_created_at": 1775434489,
	"ts_updated_at": 1775791320,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/778ac0205b9997e48ca459338839c8206d3563fa.pdf",
		"text": "https://archive.orkl.eu/778ac0205b9997e48ca459338839c8206d3563fa.txt",
		"img": "https://archive.orkl.eu/778ac0205b9997e48ca459338839c8206d3563fa.jpg"
	}
}