The US government is officially investigating the MOVEit vulnerability
The US government has finally begun its investigation into the MOVEit data breach that reportedly affected thousands of organizations around the world.
The move follows Progress Software (the company that built MOVEit) submitting an application document with the U.S. Securities and Exchange Commission (SEC), stating that it had been subpoenaed and requested “various documents and information” regarding the MOVEit error.
This is not an investigation into Progress, the company said, adding that it plans to “fully cooperate” during the investigation.
Financial impact
“The SEC investigation is a fact-finding investigation, the investigation does not indicate that Progress or anyone else violated the federal securities laws,” Progress said. “Progress intends to fully cooperate with the SEC in its investigation,” the document said.
Elsewhere in the filing, Progress said it incurred $4.2 million in costs related to the MOVEit incident during the nine months ending August 2023. “Costs are reflected net of received and expected insurance recoveries of approximately $3.0 million, which were recognized during the first quarter of fiscal 2023,” the report said.
MOVEit is a managed file transfer solution, generally used by SMBs and large enterprises to share sensitive files securely. At the end of May this year, the company that developed the solution was tipped off about suspicious activity. A deeper investigation revealed a major flaw in the software, which allowed exploiting threat actors to steal data from several endpoints. The attackers, a Russian ransomware actor called Cl0p, initially said at least a hundred companies had been affected and their data stolen. Cybersecurity experts at Emsisoft claim that more than 2,500 companies have confirmed they have been affected by the breach, which affects more than 64 million people.
“We will continue to assess the potential impact of the MOVEit vulnerability on our business, operations and financial results. MOVEit Transfer and MOVEit Cloud, in aggregate, represented less than 4% of our revenue for the nine months ended August 31, 2023,” the company concluded in the filing.
Through TechCrunch