MOVEit, the biggest hack of the year, by the numbers

The mass-exploitation of MOVEit Transfer software has rapidly cemented itself as the largest hack of the year so far. While the full impact of the attack will likely remain untold for months to come, there are now more than 1,000 known victims of the MOVEit breach, according to cybersecurity company Emsisoft.

This milestone makes the MOVEit breach not just the largest hack of 2023 — but also one of the largest in recent history.

The fallout began in May when Progress disclosed a zero-day vulnerability in MOVEit Transfer, its managed file transfer service used by thousands of organizations around the world to move large amounts of often-sensitive data over the internet. The critical-rated vulnerability allowed attackers — specifically the notorious Clop ransomware and extortion gang — to raid MOVEit Transfer servers and steal customers’ sensitive data stored within.

Since then, Clop’s attacks and threats to publish the stolen data if it doesn’t receive payments have continued unabated, as have the number of known victim organizations, known impacted individuals and the costs associated with the fallout.

We take a look at the MOVEit mass hack by the numbers.


Just as the number of known victim organizations crossed the 1,000 milestone on August 25, the number of impacted individuals also surpassed the 60 million mark.

This figure, published by Emsisoft, is sourced from state breach notifications, SEC regulatory filings and other public disclosures. Emsisoft notes that while there will invariably be some overlap in terms of individuals impacted, the number is only likely to increase as more organizations continue to confirm MOVEit-related data breaches.


U.S.-based organizations account for 83.9% of known MOVEit corporate victims, according to Emisoft’s researchers. Organizations in Germany account for about 3.6% of total victims, followed by Canadian companies at 2.6% and firms in the United Kingdom at 2.1%.

11 million

In July, U.S. government services contracting giant Maximus became the largest victim of the MOVEit breach after confirming that hackers accessed the protected health information — including Social Security numbers — of as many as 11 million…