Infosec in brief The fallout from the exploitation of bugs in Progress Software's MOVEit file transfer software continues, with the US Securities and Exchange Commission (SEC) now investigating the matter, and lots of affected parties seeking compensation.
Progress admitted to the ill winds of corporate responsibility blowing its way in a quarterly SEC 10-Q filing. Per the disclosure, it received a subpoena from the SEC on October 2, in which the Commission asked for "various documents and information relating to the MOVEit Vulnerability."
"At this stage, the SEC investigation is a fact-finding inquiry, the investigation does not mean that Progress or anyone else has violated federal securities laws," the application vendor explained, adding that it intends to fully cooperate.
Progress also admitted it's facing a slew of other litigation – both in the US and in other countries – over the breach, far in excess of the dozen or so cases it was reportedly facing as of July.
"We are party to 58 class action lawsuits filed by individuals who claim to have been impacted by the exfiltration of data from the environments of our MOVEit Transfer customers," Progress stated in the filing. Those cases were consolidated into a single lawsuit in Massachusetts earlier this month.
Again, that's not all.
Progress has also received "formal letters" from 23 MOVEit customers who claim the vulnerability has cost them money, and some "have indicated that they intend to seek indemnification." In addition, Progress is also facing a subrogation claim from an insurer, which means it's "seeking recovery for all expenses ..
Support the originator by clicking the read the rest link below.
