MOVEit Breach From August Continues To Wreak Havoc

Posted on Sunday, Sep 24, 2023 by Chris Hayner

Featured in this episode of Tech News of the Week

Y’all remember the whole ServiceNow hack that kind of broke like a thousand companies? That wasn’t the FIRST supply chain type of attack, but it was certainly the earliest high-profile one. Well, now we have another one.

MOVEit, a company that sells secure file-transfer software, suffered a major exploit over Memorial Day weekend, and the effects are still being seen. In general, if the software was open to the internet, it was compromisable. And, unfortunately, regularly compromised. Shodan identified 2,510 possible MOVEit targets.

Recent publicly announced victims include the BBC, Shell Australia, Radisson Hotels, and Johns Hopkins University. Did I mention that this exploit happened 5 months ago? Some of the higher-profile victims have been, and continue to be, banks. And bank customers are apparently displeased. Displeased enough, in fact, to sue.

A class action complaint was filed in Massachusetts on the 7th of September against the defendants (namely, Fidelity, Bank of America, Corebridge Financial, F&G Annuities, Pension Benefit, and of course MOVEit owner Progress Software). The suit alleges negligence, and that the defendants have “done little to provide affected customers with relief,” which is probably true.

People I know who would qualify as plaintiffs have either gotten a) nothing, or b) a free credit monitoring service, which as we all know, is effectively the same as a. We’ll see if this suit ever goes anywhere, but me personally? I’m not believing that I’ll get the usual $1.74 windfall until I see it.