A MOVEit attack on the business service provider Aon resulted in the personal data of 3000 staff at the Dublin Airport being compromised.
An unauthenticated attacker might use the SQL injection vulnerability to access MOVEit Transfer's database without authorization.
DAA has stated that it is helping the affected employees, however, Aon has not yet made a public statement regarding the security issue.
Source: https://securityaffairs.com/148152/data-breach/dublin-airport-data-breach.html
TPRM report: https://scoringcyber.rankiteo.com/company/aon
"id": "aon20209723",
"linkid": "aon",
"type": "Data Leak",
"date": "07/2023",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': 3000,
'industry': 'Aviation',
'location': 'Dublin, Ireland',
'name': 'Dublin Airport Authority (DAA)',
'type': 'Government Entity'}],
'attack_vector': 'SQL Injection',
'data_breach': {'number_of_records_exposed': 3000,
'type_of_data_compromised': 'Personal Data'},
'description': 'A MOVEit attack on the business service provider Aon resulted '
'in the personal data of 3000 staff at the Dublin Airport '
'being compromised. An unauthenticated attacker might use the '
"SQL injection vulnerability to access MOVEit Transfer's "
'database without authorization. DAA has stated that it is '
'helping the affected employees, however, Aon has not yet made '
'a public statement regarding the security issue.',
'impact': {'data_compromised': 'Personal Data',
'systems_affected': 'MOVEit Transfer'},
'threat_actor': 'Unauthenticated Attacker',
'title': 'MOVEit Attack on Aon Compromises Personal Data of Dublin Airport '
'Staff',
'type': 'Data Breach',
'vulnerability_exploited': 'SQL Injection'}