How Big Was the MOVEit Hack and What Can Security Pros Learn?  

A few months after the mass exploit of a zero-day vulnerability in Progress Software’s popular MOVEit file transfer tool first surfaced over Memorial Day weekend, the hack has positioned itself as the year’s largest.

Emsisoft and KonBriefing now put the tally of organizations affected by the attacks at more than 1,000, as Cybersecurity Dive reports. According to Emsisoft, around 60 million individuals have fallen victim to the hack.

As Security Week notes, those figures include people indirectly as well as directly affected by the hacks. A hack of financial and pension research service provider Pension Benefit Information alone touched millions of individuals via several organizations, such as Seattle-based actuary and consulting firm Milliman.

Among the organizations where more than one million people may have had their information exposed were the Louisiana Office of Motor Vehicles, Colorado Department of Health Care Policy and Financing, Oregon Department of Transportation, Teachers Insurance and Annuity Association of America and Genworth.

The Russian-linked ransomware group Cl0p, which claimed responsibility for the MOVEit hack, has reportedly hoovered up an estimated $100 million for its efforts. Cl0p has also begun leaking data of victims that won’t pay its ransoms.

As Bleeping Computer reports, one lesson for cybersecurity pros is to map their software supply chain to better anticipate potential weak links that could be targets for threat actors. Improving third-party risk management and moving toward a zero-trust structure are other suggested takeaways, along with choosing continuous penetration testing.

As TechCrunch reports, estimates of the financial damage from the hack range from around $10 billion to $65 billion.

Class action lawsuits have already started to pile up against financial firms caught up in the exploit, including TD Ameritrade, Charles Schwab and Prudential, as Dark Reading reports.
