Deepening financial repercussions for Progress Software due to reduced revenue from MOVEit discontinuation
In a series of events that began in 2021, Progress Software, a software company, has found itself embroiled in a complex legal and cybersecurity crisis. The root of the issue stems from a vulnerability in MOVEit, Progress' file-transfer software, which was exploited by the Clop ransomware group.
The data breach was discovered in May 2023, and it is estimated that more than 40 million people have been impacted. Progress disclosed the November incident in an 8-K filing with the Securities and Exchange Commission (SEC). Despite the cyberattacks, Progress stated that it remained fully operational throughout the incident and that it was fully resolved.
However, the costs associated with these cyberattacks have been substantial. Progress incurred costs of $1 million, after insurance recoveries, related to the attacks. The total cost of the cyberattacks against MOVEit environments, as of August 2025, amounts to $2.9 million.
The current status of class-action lawsuits and claims against Progress Software related to the MOVEit file-transfer vulnerability is that multiple lawsuits have been filed and are proceeding in multidistrict litigation (MDL) in the U.S. District Court for the District of Massachusetts. On July 31, 2025, Judge Allison D. Burroughs largely denied motions to dismiss key claims, allowing negligence, breach of contract, unjust enrichment, and various consumer protection claims against Progress Software to move forward.
The lawsuits assert that Progress marketed MOVEit as secure but allegedly failed to protect users' personal information adequately against the vulnerability. Law firms like Hagens Berman are actively pursuing claims for negligence and violations of state and federal laws, seeking financial relief for affected consumers.
The MDL litigation has been streamlined but continues, with ongoing legal activities, including settlements involving other defendants such as a Microsoft unit reaching an $8.5 million agreement approved in August 2025.
It is important to note that the Securities and Exchange Commission (SEC) issued a subpoena to Progress on October 2, seeking documents and information related to the MOVEit vulnerability. The investigation uncovered evidence of unauthorized access to Progress' corporate network and corporate data theft.
Progress maintains that the SEC investigation does not imply any violation of federal securities laws. The company spokesperson stated that Progress is cooperating with the SEC's investigation and engaging with the cybersecurity community to combat advanced cybercriminals.
By the end of August, Progress had received formal letters from 23 customers and others claiming impacts from the attacks. Some of these customers indicated plans to seek restitution from the company. The growing number of class-action lawsuits and claims filed by customers will lead to further costs for the company.
Despite the challenges, Progress has experienced minimal business impact from the mass-exploit of a zero-day vulnerability in MOVEit and subsequent ransomware attacks against its customers so far. The company spokesperson also emphasized that Progress remains focused on supporting its customers and promptly sharing information about the coordinated attack on their environments.
Progress has $10.1 million of insurance coverage remaining, but the insurance coverage balance is dwindling after recoveries from MOVEit and the cyberattack last November. The company has also received a subrogation claim from an insurer seeking recovery for expenses related to the MOVEit attacks.
As the legal battles and investigations continue, Progress Software faces a challenging road ahead, working to address the impacts of the MOVEit vulnerability and regain the trust of its customers and stakeholders.
[1] Progress Software Faces Multiple Lawsuits Over MOVEit Data Breach [2] Hagens Berman Pursues Class Action Against Progress Software Over MOVEit Data Breach [3] Judge Denies Progress Software's Motion to Dismiss MOVEit Data Breach Lawsuit [4] Progress Software Data Breach: What You Need to Know [5] Microsoft Unit Agrees to $8.5 Million Settlement Over MOVEit Data Breach
- The legal and cybersecurity crisis faced by Progress Software, due to the exploitation of a vulnerability in their MOVEit file-transfer software by the Clop ransomware group, has resulted in multiple class-action lawsuits, mostly focusing on the alleged failure to protect users' personal information adequately.
- The cyberattacks against MOVEit environments have incurred substantial costs for Progress Software, reaching a total of $2.9 million as of August 2025, with insurance recoveries accounting for a portion of these costs.
- In addition to the financial implications, Progress Software is facing challenges in regaining the trust of its customers and stakeholders, following a mass-exploit of a zero-day vulnerability in MOVEit and subsequent ransomware attacks against its customers.
