Things have taken a turn for the worse at PwC. 

PwC has become entangled in a far-reaching cybersecurity breach with potential implications for several Australian companies. 

Russian-linked cybercriminals have successfully breached a widely used file-sharing software called MOVEit, leading to the theft of data from various entities, including US federal agencies, energy conglomerate Shell, and the BBC. 

PwC's competitor, EY, was also affected by the breach, which continues to expand as more targeted companies come forward.

The cybercrime group claiming responsibility, known as Cl0p, has a history of executing large-scale global attacks and is now demanding a ransom from the affected companies. 

In a message posted on their website, Cl0p warns companies to comply with the ransom demand to prevent severe consequences: “Pay attention to avoid extraordinary measures to impact your company”.

On Monday, PwC Australia confirmed that it had used the compromised software for a “limited number” of its clients, compounding its existing troubles arising from the Collins tax scandal. 

A spokesperson for PwC acknowledged the cybersecurity incident and stated that they ceased using MOVEit as soon as they became aware of the breach. 

PwC has reportedly launched an investigation into the matter and reached out to clients whose files were exposed. It claims that its own network remained secure throughout the incident.

Russian hackers have previously targeted numerous major Western businesses, including a supply chain hack earlier this year that allowed them to access data from mining giant Rio Tinto and Crown Resorts by exploiting another third-party service called GoAnywhere. 

These incidents underscore the vulnerability of the digital infrastructure that governments and companies rely on to transmit their information.

Katherine Mansted, Intelligence Director at digital security firm CyberCX, expressed little surprise at the possibility of more Australian victims being affected by this latest hack, considering the pervasiveness of the compromised software. 

Cl0p issued its ransom demand on the dark web in early June, setting a deadline of June 14, implying that client files could be made public soon.

The Australian Securities and Investments Commission (ASIC) confirmed its use of MOVEit but assured the public that it had swiftly secured the service and ensured the non-compromise of any information. 

Cyber Security Minister Clare O'Neil says that the government is aware of the MOVEit hack and prepared to assist any Australian entities involved.

EY says it learned of the breach on May 31, when the software provider Progress confirmed the vulnerability in its software. 

A spokesperson for EY explained that the firm immediately initiated an investigation into their use of the tool and took urgent measures to safeguard any data. Similar to PwC, EY refrained from commenting on the ransom demand.

PwC says its investigations have revealed no compromise of its own IT networks, and claims to protect its network by continuously implementing appropriate resources and safeguards.

PwC has sold itself as a reliable entity capable of assisting other companies at risk of cyberattacks, and emphasises its “community of solvers” who specialise in preventing and addressing breaches across five different areas.

EY says most of its systems using the compromised transfer service remained uncompromised. 

Nevertheless, the company is manually investigating potential data access points and actively communicating with customers and relevant authorities, it says. 

Software provider Progress says it promptly addressed the vulnerability within 48 hours, assisting affected clients and enlisting the support of top cybersecurity firms to manage the incident response effectively.