November 19, 2024

The US government is officially investigating the MOVEit vulnerability

0

 

The US Government has finally started its investigation into the MOVEit data breach that allegedly affected thousands of organizations around the world.

The move follows Progress Software (the company that built MOVEit) filing a document with the US Securities and Exchange Commission (SEC) in which it stated it had been subpoenaed and asked for “various documents and information” about the MOVEit flaw.

This is not an investigation into Progress, the company said, adding that it intends to “fully cooperate” during the investigation.

Financial impact

“The SEC investigation is a fact-finding inquiry, the investigation does not mean that Progress or anyone else has violated federal securities laws,” Progress said. “Progress intends to cooperate fully with the SEC in its investigation,” it was stated in the document.

Elsewhere in the filing, Progress said that for the nine months, ending with August 2023, it incurred $4.2 million in costs related to the MOVEit incident. “Costs are provided net of received and expected insurance recoveries of approximately $3.0 million, which was recognized during the first quarter of fiscal year 2023,” it said. 

MOVEit is a managed file transfer solution, generally used by SMBs and enterprises to share sensitive files securely. In late May this year, the company building out the solution was tipped off on suspicious activity. A deeper investigation uncovered a major flaw in the software, which allowed threat actors abusing it to steal the data from various endpoints. The attackers – a Russian ransomware actor named Cl0p, first said that at least a hundred companies were affected and had their data stolen. Cybersecurity experts Emsisoft claim more than 2,500 firms confirmed being affected by the breach, impacting more than 64 million people. 

“We will continue to assess the potential impact of the MOVEit Vulnerability on our business, operations, and financial results. MOVEit Transfer and MOVEit Cloud represented less than 4% in aggregate of our revenue for the nine months ended August 31, 2023,” the company concluded in the filing.

Via TechCrunch

More from TechRadar Pro

Thousands of corporate logins have been taken by info-stealing malwareHere’s a list of the best firewalls todayThese are the best malware removal tools right now