September 26, 2023

City of Toronto suffers a data breach caused by Clop ransomware, the gang responsible for exploiting the vulnerability in GoAnywhere.

The Clop ransomware gang listed the city of Toronto on its data leak site. The data breach was possible using the zero-day vulnerability in Forta’s GoAnywhere file transfer solution.


The authorities discovered the breach on March 20, 2023, and they are currently investigating the damages. We still don’t know the impact of this incident on City data.

Today, the City of Toronto has confirmed that unauthorized access to City data did occur through a third party vendor. The access is limited to files that were unable to be processed through the third party secure file transfer system.

The bug, which is currently listed as CVE-2023-0669, allows for remote code execution on an unpatched GoAnywhere solution.

The same Clop zero-day’s attacks were reported by Hitachi Energy, Saks Fifth Avenue, and security firm Rubrik.

This week’s also found GoAnywhere attacks list also includes UK’s Virgin Red, Virgin Group’s rewards system, and Pension Protection Fund (PPF).

Virgin Group declared that the extracted files don’t include any PII of customers or employees. While the Pension Protection Fund (PPF) breach affected employee data. In consequence, PPY informed and offered support to current and former employees affected by the incident.

PPF has stopped using GoAnywhere since and continues to work closely with Fortra, its security partners, and the law enforcement agencies as a part of investigatory activities.


To protect themselves, businesses that use the vulnerable GoAnywhere secure file transfer solution should patch their systems as soon as possible.

Coverage will be continued on Clop Ransomware havoc using the Fortra GoAnywhere MFT Zeroday

Leave a Reply

%d bloggers like this: