The blast radius from the mass exploit of a zero-day vulnerability in the MOVEit file transfer service reached another milestone in its destructive spread: more than 1,000 organizations are impacted, according to Emsisoft and KonBriefing Research.

The number of organizations hit by the wide-scale attack increased nearly 40% last week, underscoring the scope of impact and challenge organizations are encountering as they work to determine potential exposure.

The pool of victims from Clop’s attack spree, which was discovered Memorial Day weekend, continues to grow as downstream victims, which lead to more downstream victims, are identified via public disclosures and the threat actor’s website.

Tracking those victims of the MOVEit campaign is circuitous. For almost two-thirds of the victims, breaches occurred because their third-party vendors used MOVEit or the vendor's vendors used the file transfer service, according to KonBriefing Research.

Many downstream victims were exposed by accounting firms, consultancies and benefits and pension actuaries.

Milliman, an actuary and consulting firm based in Seattle, filed multiple breach disclosures this month indicating its clients’ data was compromised because it shared data with Pension Benefit Information, a MOVEit customer that was directly impacted by the attacks.

Broad sharing of personal and sensitive data has ensnared victims that would otherwise be unimpacted by Clop’s spree of attacks against MOVEit customers.

More than 4 in 5 victims identified to date are based in the U.S., including 173 colleges and universities, according to KonBriefing’s tracker.