お知らせ • Aug 17
Hagens Berman Sobol Shapiro LLP Files Five Nationwide Class-Action Lawsuits Against Progress Software
Hagens Berman Sobol Shapiro LLP announced that following the 2023 MOVEit data breach, attorneys at Hagens Berman filed five nationwide class-action lawsuits against Progress Software and various other organizations for compromising the sensitive personal information of an estimated 40 million people. Data compromised in the 2023 MOVEit data breach includes contact information, dates of birth, social security numbers, pension information, medical records, billing data and banking information. More than 600 organizations were hacked, including banks, schools and government agencies. Hagens Berman filed its latest class-action lawsuit against Progress Software on August 15, 2023, accusing it of negligence, unjust enrichment and breach of contract. The firm’s prior lawsuits against Progress also name Johns Hopkins University and Health System, Pension Benefit Information and PBI Research Services. The firm plans to file additional complaints against other co-defendants involved in the data breach. According to attorneys, the full scope of other involved parties is still being revealed, and those affected will be made aware via mailed letters detailing the breach of their sensitive information by Progress Software’s MOVEit. According to the lawsuit, in June 2023, hackers from the well-known Russian cybergang, Clop, discovered a security vulnerability in MOVEit, a managed file transfer software owned by Progress Software used by many organizations to store, manage and distribute information. Progress markets MOVEit as a software that guarantees the security of sensitive files both at-rest and in-transit, and promises data security compliance. The vulnerability had existed since 2021, according to the lawsuit, but was never rectified due to Progress’s negligence, and hackers were able to exploit this vulnerability and gain access to sensitive personal data collected by organizations that used the software, the lawsuit states. Because many of the organizations impacted by the data breach handle data on behalf of others, who in turn received that data from third parties, the security vulnerability discovered in the MOVEit software and Progress’s reckless mismanagement of its data allowed hackers to slip past the defenses of a vast, interconnected web of companies and institutions. The list of affected organizations continues to grow, according to attorneys. Attorneys say Progress failed those whose data it stored in several key manners, including its failure to monitor and maintain basic network safeguards, failing to maintain adequate data retention policies, not training staff on data security, failing to comply with industry standards of data security, and failing to encrypt users’ private Information, among other shortcomings that led to the compromised information of tens of millions of people. Even in the wake of this massive data breach, attorneys say Progress has made no assurances that it has adequately enhanced its data security practices to sufficiently safeguard from a similar vulnerability in MOVEit in the future. The lawsuit states, Hackers such as Clop can and do offer for sale unencrypted, unredacted Private Information to criminals. The exposed Private Information of Plaintiff and Class Members can, and likely will, be sold repeatedly on the dark web. Hagens Berman’s attorneys suggest that anyone who believes they may have been affected monitor their financial accounts for any suspicious activity. Experts recommend consumers freeze their credit with all three credit reporting agencies. If elect to use any paid service to protect yourself from identity theft because of the MOVEit data breach, be sure to save receipts itemizing payments. May be eligible for reimbursement through future legal actions.