A class-action lawsuit has been filed against Progress Software by individuals affected by the MOVEit data breach, seeking class action status. Plaintiffs Shavonne Diggs, Brady Bradberry, and Christina Bradberry allege that Progress failed to properly secure and safeguard personal data, exposing individuals to an increased risk of identity theft. The lawsuit also accuses Progress of a lack of timely notification to affected individuals and a failure to properly monitor and implement data security practices that could have detected the breach sooner.
The New York-based law firm Siri & Glimstad LLP is representing the plaintiffs, who are residents of Louisiana and were affected by the attackers stealing information from the state’s Office of Motor Vehicles. Progress Software publicly disclosed and patched the SQL vulnerability (CVE-2023-34362) on May 31, but the Clop ransomware group exploited the zero-day flaw in MOVEit software.
This allowed attackers to steal sensitive data from organizations such as British Airways, Shell, and the U.S. Department of Energy. Clop continues to employ extortion tactics, demanding ransom payments and leaking data for non-payers. Victims, including Sony, PwC, and EY, have been targeted. The lawsuit comes in the wake of multiple organizations notifying affected individuals about breaches related to MOVEit, adhering to state data breach notification rules. The plaintiffs, having received notice from the state’s Office of Motor Vehicles, now face the potential exposure of Social Security numbers, driver’s license numbers, vehicle registration information, birthdates, and other personal details.
