Estimated reading time: 1 minute, 28 seconds

MOVEiT Vendor Faces Widespread Probes After Mass-Hack

Progress Software, the maker of the MOVEit file-transfer software at the center of a mass-hack affecting an ever-growing array of organizations, has found itself facing investigations on all sides.

SEC Seal of the United States Securities and Exchange CommissionAs CSO reports, Progress has disclosed a formal inquiry from the Securities and Exchange Commission into the widely exploited MOVEit vulnerability. Progress said it plans to cooperate fully with the SEC, which so far has requested “various documents and information” relating to the bug. The company noted that the SEC “fact-finding inquiry …does not mean that Progress or anyone else has violated federal securities laws.”

At the same time, as The Record points out, Progress also revealed that it has received 23 letters from customers seeking indemnification. Plus, Progress said that an unidentified insurance company is "seeking recovery for all expenses incurred in connection with the MOVEit vulnerability.” Progress added, “We have also been cooperating with several inquiries from domestic and foreign data privacy regulators, inquiries from several state attorneys general,” along with an investigation from an unnamed U.S. law enforcement agency.

As TechCrunch reports, while it was still unclear precisely how many MOVEit clients have been affected by the mass-hack, Emisoft counts 2,546 organizations that have confirmed an impact, spanning 64 million people.

The MOVEit hack may represent a fork in the road for ransomware tactics, as Business Insurance reports. Since the mass-hack, vendor risk has overtaken phishing to become Resilience clients’ most common point of failure. according to research from Resilience Cyber Insurance Solutions.

What’s more, as Dark Reading reports, Progress’s pain may alter how cyber insurers do business. Mark Millender, senior advisor for global executive engagement at Tanium, told the news website that the software company’s $15 million cyber insurance policy will raise premiums and tighten coverage requirements for others seeking coverage.

Read 1496 times
Rate this item
(0 votes)

Visit other PMG Sites:

PMG360 is committed to protecting the privacy of the personal data we collect from our subscribers/agents/customers/exhibitors and sponsors. On May 25th, the European's GDPR policy will be enforced. Nothing is changing about your current settings or how your information is processed, however, we have made a few changes. We have updated our Privacy Policy and Cookie Policy to make it easier for you to understand what information we collect, how and why we collect it.