After professional service provider Aon was attacked by MOVEit Transfer, data of about 3000 employees of Dublin Airport (DDA) were compromised.
An unauthenticated attacker could exploit the SQL injection vulnerability to access the database of MOVEit Transfer without authorization.
Aon hasn't yet made a public remark regarding the security issue, despite DAA's announcement that it is helping the affected employees.
Source: https://securityaffairs.com/148152/data-breach/dublin-airport-data-breach.html
TPRM report: https://scoringcyber.rankiteo.com/company/dublin-airport-dub
"id": "dub11918923",
"linkid": "dublin-airport-dub",
"type": "Data Leak",
"date": "07/2023",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': 'Dublin Airport (DAA) employees',
'industry': 'Professional Services',
'name': 'Aon',
'type': 'Professional Service Provider'}],
'attack_vector': 'SQL Injection',
'data_breach': {'number_of_records_exposed': '3000',
'type_of_data_compromised': 'Employee Data'},
'description': 'After professional service provider Aon was attacked by '
'MOVEit Transfer, data of about 3000 employees of Dublin '
'Airport (DAA) were compromised. An unauthenticated attacker '
'could exploit the SQL injection vulnerability to access the '
"database of MOVEit Transfer without authorization. Aon hasn't "
'yet made a public remark regarding the security issue, '
"despite DAA's announcement that it is helping the affected "
'employees.',
'impact': {'data_compromised': 'Employee Data',
'systems_affected': 'MOVEit Transfer'},
'initial_access_broker': {'entry_point': 'MOVEit Transfer'},
'threat_actor': 'Unauthenticated Attacker',
'title': 'Aon Data Breach via MOVEit Transfer',
'type': 'Data Breach',
'vulnerability_exploited': 'SQL Injection'}