Progress Software Corporation, PBI Research Services Hit with Class Action Over MOVEit Data Breach

New to ClassAction.org? Read our Newswire Disclaimer

Progress Software Corporation faces a proposed class action over a data breach that has reportedly impacted millions of individuals whose private information was stored on its file transfer system MOVEit.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

 According to the 57-page case, cybercriminals were able to exploit several security vulnerabilities in the MOVEit transfer application beginning on May 27 of this year. These vulnerabilities, which Progress Software admits to having sustained as far back as 2021, resulted in “dozens” of cyberattacks impacting the businesses and government organizations that use the software company’s file transfer tool, the complaint alleges.

Among these affected entities and named as a defendant in the lawsuit is PBI Research Services (PBI), a Minnesota-based company that uses MOVEit to provide death verification services to pension funds, insurance companies and other clients. The filing says PBI began informing its clients around June 16 that the cyberattack compromised certain customer and agent information, including names, Social Security numbers, birth dates, demographic information, insurance policy numbers and financial information.

Related Reading: 2023 MOVEit Data Breach Lawsuits

The plaintiff, a New York consumer, says he was unaware that his personal data was exposed to cybercriminals until he received notification in mid-June from Genworth Financial, an insurance company that partners with PBI, the complaint says. Per the suit, Progress Software and PBI have failed to directly notify individuals affected by the breach.

The complaint claims that the defendants, despite their legal obligations to protect consumers’ confidential information from unauthorized exposure, maintained data in an “unsafe and unsecure [sic] manner.”

“[The] [d]efendants could have prevented this Data Breach by properly testing, monitoring, auditing, securing and encrypting the systems containing the Private Information of Plaintiff and Class Members,” the complaint says, adding that PBI “negligently” chose to use a file transfer software that contained security vulnerabilities.

Reports from BleepingComputer.com reveal that the attacks on the MOVEit platform were carried out by Clop, a Russian-linked ransomware group that has begun extorting entities impacted by the breach by threatening to publish stolen data online.

“Hackers such as Clop can and do offer for sale unencrypted, unredacted Private Information to criminals. The exposed Private Information of Plaintiff and Class Members can, and likely will, be sold repeatedly on the dark web,” the suit adds. For this reason, data breach victims now face a significant and long-lasting risk of identity theft and fraud, the case contends.

The lawsuit looks to represent anyone whose private information was accessed or acquired during the data breach as a result of the exploitation of Progress Software Corporation’s MOVEit application vulnerability.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.