Progress Software, the company behind the software affected by the MOVEit mass-hack, has confirmed that the U.S. Securities and Exchange Commission (SEC) has opened an investigation into the incident. The hack resulted in the exposure of personal data belonging to at least 64 million individuals. Progress Software, in a recent regulatory filing, stated that it had received a subpoena from the SEC, requesting various documents and information related to the vulnerability in MOVEit.
Key Takeaway
The SEC has launched a fact-finding inquiry into the MOVEit mass-hack, indicating potential violations of securities laws. Progress Software has stated its intention to fully cooperate with the investigation. The financial impact on the company is expected to be minimal, despite the scale of the incident.
SEC Investigation and Cooperation
Progress Software clarified that the SEC investigation is not an indication of any federal securities law violations committed by Progress or anyone else involved. However, the company assured its commitment to fully cooperate with the SEC throughout the inquiry. The subpoena specifically sought relevant documents and information related to the MOVEit vulnerability, shedding light on the SEC’s interest in understanding the extent of the breach and the potential implications.
Financial Impact and Legal Action
Progress Software expects the financial impact of the MOVEit mass-hacks to be minimal. The company has already incurred approximately $1 million in costs due to the vulnerability. This amount takes into account insurance payouts of around $1.9 million. Nevertheless, the possibility of financial losses remains, as 23 affected customers have initiated legal action and intend to seek indemnification. Additionally, 58 class action lawsuits have been filed by individuals who claim to be victims of the breach.
Extent of the Breach and Ongoing Discoveries
The number of affected MOVEit Transfer customers and individuals impacted by the breach remains uncertain. Cybersecurity company Emsisoft reported that 2,546 organizations have confirmed being affected, impacting over 64 million individuals. Furthermore, new victims continue to emerge. Sony recently confirmed that over 6,000 of its employees had their data accessed in a MOVEit-related incident. Flagstar Bank also revealed that more than 800,000 customer records were stolen.
Separate Cybersecurity Incident
Progress Software also disclosed in the filing that it had incurred additional costs of $4.2 million related to a separate cybersecurity incident in November 2022. The details of this incident were not provided. However, the company confirmed that evidence of unauthorized access to its corporate network was found, including the exfiltration of certain company data. Progress Software stated that the incident did not involve any recently reported software vulnerabilities and had no impact on its operational capabilities.
Progress Software has faced significant challenges due to the MOVEit mass-hack and the separate cybersecurity incident. The company continues to navigate the aftermath of these breaches, cooperating with the SEC investigation and addressing legal actions taken by affected parties. The impact on individuals and organizations affected by these breaches highlights the growing need for robust cybersecurity measures and proactive risk management in the digital era.
