In May 2023, a data breach was identified involving MOVEit Transfer, a file-sharing software from Progress Software Corp. used globally for transferring sensitive data. The breach, attributed to the Clop ransomware group, is believed to have begun as early as 2021, during which the hackers accessed and stole sensitive information from various organizations, including hospitals, banks, businesses, government agencies, pension funds, and universities.
PW partner Melissa Weiner was appointed as the Co-Chair of the Offensive and Third-Party Discovery Committee. In this multi-district cybersecurity litigation involving hundreds of defendants and an estimated 40 million people, Plaintiffs alleged Defendants failed to properly secure and safeguard Plaintiff’s and Class Members’ personally identifiable information (“PII”) and private health information (“PHI”) including, but not limited to, Plaintiffs’ and Class Members’ names, address, Social Security numbers, birthdates, certain medical and treatment records, and other sensitive information. Plaintiffs alleged their and Class Members’ Private Information that was hosted on MOVEit’s transfer services software was negligently and/or recklessly configured and maintained so as to contain security vulnerabilities that resulted in multiple breaches of its network and systems or of its customers’ networks and systems. These security vulnerabilities existed as far back as 2021. As a result of the breach, Plaintiffs alleged unauthorized third-party cybercriminals gained access to and obtained Plaintiff’s and Class Members’ Personal Information.
In re MOVEit Customer Data Security Breach Litigation is currently pending in the District of Massachusetts, Case No. 1:23-md-03083-ADB.