The Securities and Exchange Commission (SEC) has concluded its investigation into the MOVEit vulnerability and has decided not to recommend enforcement action against Progress Software at this time. This decision comes after a significant cybersecurity incident last year where hackers exploited the MOVEit file transfer tool, leading to the theft of data from millions of individuals.
Progress Software, the developer behind MOVEit, faced scrutiny from various domestic and international regulators, including the SEC, which issued a subpoena on October 2, 2023, seeking information about the incident. Despite the scale of the attack, which affected 2,773 organizations and exposed the records of nearly 96 million people, the SEC has opted not to penalize the company.
The nature of the SEC’s investigation, which often includes examining how companies communicate with investors, remains undisclosed. However, the decision aligns with a similar case involving SolarWinds, where the agency also ruled against enforcement.
The MOVEit incident sparked global outrage as it involved data theft from numerous government agencies and Fortune 500 companies by hackers linked to the Clop ransomware gang. Progress Software reported spending approximately $4.2 million in response to the incident, with a significant portion expected to be covered by cyber insurance.
Despite the SEC’s decision, Progress Software faces legal challenges, including numerous lawsuits from affected companies and approximately 144 class action lawsuits from individuals claiming to be impacted by the data breach. The breach has been described as a “cybersecurity disaster of staggering proportions,” with sensitive information such as Social Security numbers and banking details being compromised.
The financial impact on the hackers is estimated to be substantial, with earnings from ransoms during the MOVEit campaign ranging between $75 million to $100 million.
Sponsored • TRJ Ads
Inquiries: contact@therealistjuggernaut.com
John, how can we find out if we were compromised?
Good question. If you suspect your personal information has been compromised, here are some proactive steps you can take:
Check Data Breach Sites: Websites like ‘Have I Been Pwned’ can tell you if your personal email address or phone number has been part of a data breach.
Monitor Financial Accounts: Keep an eye on your bank and credit card statements for any unauthorized transactions.
Check Credit Reports: You can obtain a free credit report from the major credit bureaus to search for any unusual activity.
Update Security Measures: If you’ve been notified of a breach, change your passwords for online accounts and consider using a password manager.
Enable Two-Factor Authentication: This adds an extra layer of security to your accounts and is highly recommended where available.
Be Vigilant with Communications: Watch out for phishing attempts and unsolicited requests for personal information.
Should you discover that your information has indeed been compromised, it’s critical to act swiftly. Report any fraudulent activity to your financial institutions, change your passwords. Also, just so you know, you can subscribe to LifeLock, which is a reputable company. It will cost you about $300 per year, but it’s worth it. I have it, and it has been great.
Okay. Thanks. I check my bank accounts twice a day. I block male actors wanting to be my friend. ( I check their Facebook accounts and most have nothing to show. I do not connect to strangers.
Good practices like that will keep you safe. 😎