
A U.S. law firm on Tuesday announced that it is investigating the massive data breach stemming from a security flaw in the file transfer software MOVEit Transfer and MOVEit Cloud.

In a press release, Schubert Jonckheer & Kolbe LLP said victims may be entitled to compensation. This is just one of several lawsuits resulting from the breach.

In May, Progress Software confirmed that a security vulnerability, which had been present in its software since 2021, allowed “escalated privileges and potential unauthorized access.” Multiple organizations around the world have reported that they are affected by the breach.

According to German cybersecurity firm KonBriefing, so far, 637 organizations and about 41.6 million individuals are confirmed to have been affected. Many believe the number of victims will continue to climb.

Hundreds of Major Organizations Affected

Prominent organizations affected by the MOVEit breach include Fidelity Investments, Maximus Inc., the U.S. Department of Health and Human Services, Louisiana’s Office of Motor Vehicles, the BBC, and British Airways.

In June, the Cybersecurity & Infrastructure Security Agency (CISA) published a security advisory regarding the breach, urging affected organizations to apply Progress Software’s remediation measures.

Meanwhile, the UK National Cybersecurity Centre (NCSC) has said it is working with UK organizations to investigate and respond to the breach.

“Organisations around the world have been affected by this incident, some of which have confirmed that personal data may have been stolen,” the NCSC said.

The Clop ransomware group, which exploited the MOVEit vulnerability, has implored victims to contact it and pay a fee to scrub their data. The group has since leaked some of the stolen data on the web.

“Depending on which business or organization has your data, your name, address, date of birth, Social Security numbers, or other highly-sensitive information may have been breached,” Schubert Jonckheer & Kolbe LLP said.

While there is speculation that other criminal groups may have also exploited the vulnerability, only Clop has come forward.

The Next Steps for Victims

Supply chain attacks are increasingly common. In the 2022 Risk Barometer report, Allianz warned that hackers are targeting the supply chains of software and technology companies.

MOVEit is not the first file transfer service hackers have targeted in recent years. In 2021, SHAREit and Accellion (Kiteworks) suffered security breaches that put the privacy of millions of users at risk.

“If you received a letter indicating that you may be affected by this data breach or provided your personal information to any of the above entities, you may be entitled to money damages and an injunction requiring changes to Progress Software’s or others’ security practices,” Schubert Jonckheer & Kolbe LLP said, urging affected users to contact them.

Cybercriminals can use the personal information stolen in such breaches for identity theft and phishing attacks. If you’ve been affected by this attack, we recommend reading through our guide to identity theft and phishing to learn how to stop criminals from exploiting your leaked data.
