Software Company Hit By Ransomware Hack

TechCrunch’s Carly Page reports that U.S. securities regulators have opened a probe into a MOVEit mass hack. It exposed the personal data of 64 million people at minimum, according to Progress Software, the company that makes the compromised secure file transfer software.

The Clop ransomware group claimed credit for the attack. According to TechCrunch, victims all over the world have come forward saying they were exposed. “Last week, Sony confirmed that more than 6,000 employees had their data accessed in a MOVEit-related incident, and Flagstar Bank said more than 800,000 customer records had been stolen,” writes Page. More than 1,000 organizations have been affected since May.

Progress Software has confirmed that it was subpoenaed by the Securities and Exchange Commission, which wants access to various documents and information relating to the vulnerability. In a statement, Progress says “The SEC investigation is a fact-finding inquiry, the investigation does not mean that Progress or anyone else has violated federal securities laws.”

In a separate report, the company says it has incurred losses to the tune of about $1 million from the vulnerability. That is after an expected roughly $2 million in cyber insurance payouts. Further losses appear to be in the cards. Twenty-three affected customers are suing the company, and 58 putative class actions have been filed by individuals who claim to be affected.

In the filing, Progress said it had earlier incurred additional costs of $4.2 million related to a cybersecurity incident in November 2022. No details are revealed, but a spokesperson confirmed that the company uncovered evidence of unauthorized access to its corporate network, and some data had been exfiltrated. That incident was disclosed in December 2022.