The US government is officially investigating the MOVEit vulnerability

A computer being guarded by cybersecurity.
(Image credit: iStock)

The US Government has finally started its investigation into the MOVEit data breach that allegedly affected thousands of organizations around the world.

The move follows Progress Software (the company that built MOVEit) filing a document with the US Securities and Exchange Commission (SEC) in which it stated it had been subpoenaed and asked for “various documents and information” about the MOVEit flaw.

This is not an investigation into Progress, the company said, adding that it intends to “fully cooperate” during the investigation.

Financial impact

“The SEC investigation is a fact-finding inquiry, the investigation does not mean that Progress or anyone else has violated federal securities laws,” Progress said. “Progress intends to cooperate fully with the SEC in its investigation,” it was stated in the document.

Elsewhere in the filing, Progress said it will "continue to assess the potential impact of the MOVEit Vulnerability on our business, operations, and financial results."

MOVEit Transfer and MOVEit Cloud, it added, represented "less than 4% in aggregate" of its revenue for the nine months ended August 31, 2023.

MOVEit is a managed file transfer solution, generally used by SMBs and enterprises to share sensitive files securely. In late May this year, the company building out the solution was tipped off on suspicious activity. A deeper investigation uncovered a major flaw in the software, which allowed threat actors abusing it to steal the data from various endpoints. The attackers - a Russian ransomware actor named Cl0p, first said that at least a hundred companies were affected and had their data stolen. Cybersecurity experts Emsisoft claim more than 2,500 firms confirmed being affected by the breach, impacting more than 64 million people. 

“We will continue to assess the potential impact of the MOVEit Vulnerability on our business, operations, and financial results. MOVEit Transfer and MOVEit Cloud represented less than 4% in aggregate of our revenue for the nine months ended August 31, 2023,” the company concluded in the filing.

Via TechCrunch

Edit, October 13: Changes made to better reflect the effect of the breach on the company, as per the filing.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.