Progress Software MOVEit Data Breach

Defendants

Anesthesia Consulting & Management

Arietis Health

Bank of America

Brighthouse Financial Inc.

CBIZ Inc.

Continental Casualty Company

Corebridge Financial

Delta Dental

F&G Annuities

Fidelity Investments

Foresters Financial Holding Company Inc.

Greater Rochester Independent Practice Association

International Business Machines Corporation D/B/A IBM

Manhattan National Life Insurance Company

Massachusetts EOHHS

MassMutual Ascend Life Insurance Company

Maximus Federal Services Inc.

Milliman Inc. D/B/A Milliman Intelliscript

Milliman Solutions LLC

Northstar Anesthesia

NYC Department of Education

Pension Benefit Information, LLC D/B/A PBI Research Services

Performance Health Technology Ltd

Premier Health Partners D/B/A Premier Health

Progress Software Corporation

Sun Life And Health Insurance Company

Talcott Resolution Life and Annuity Insurance Company

Talcott Resolution Life Insurance Company

TD Ameritrade Inc.

Teachers Insurance and Annuity Association of America

The Johns Hopkins Health System Corporation

The Johns Hopkins University

The Independent Order of Foresters D/B/A Foresters Financial

The Prudential Insurance Company of America

University of Massachusetts Chan Medical School

Welltok, Inc.

Related Documents

• Final Approval Order 05/13/25
• MDL Order No. 20 – Home-State Exception to the Class Action Fairness Act 12/12/24
• MDL Order No. 19 – Order on Defendants Rule 12(b)(1) Motion to Dismiss for Lack of Article III Standing 12/12/24
• Consolidated Class Action Complaint 12/06/24
• Motion for Preliminary Approval of Settlement (Arietis) 08/29/24
• Order on Plaintiff Leadership & Leadership Structure 01/19/24
• Case Management Order 01/19/24
• Complaint (Progress & Delta Dental) 01/12/24
• Complaint (Progress & NYC Department of Education) 01/02/24
• Complaint (Progress & CBIZ) 12/08/23
• Complaint (Progress, Welltok & Premier Health) 12/08/23
• Complaint (Progress, Arietis, Anesthesia Consulting & Management & Northstar) 12/03/23
• Complaint (Progress & Greater Rochester Independent Practice Association) 11/22/23
• Complaint (Progress, PBI & Manhattan National) 11/21/23
• Complaint (Progress, Arietis, Anesthesia Consulting & Management & Northstar) 11/06/23
• Complaint (Progress, Sovos & Midland) 11/02/23
• Complaint (Progress & Maximus) 10/20/23
• Complaint (Progress, PBI & Brighthouse) 10/03/23
• Complaint (Progress, Massachusetts EOHHS & UMass Chan) 09/26/23
• Complaint (Progress, PBI & Sun Life) 09/26//23
• Complaint (Progress, PBI & Continental Casualty) 09/25/23
• Complaint (Progress & TD Ameritrade) 09/21/23
• Complaint (Progress, PBI & MassMutual) 09/21/23
• Complaint (Progress, PBI, Fidelity, Bank of America, F&G Corebridge) 09/07/23
• Complaint (Progress, PBI & TIAA) 09/01/23
• Complaint (Progress, PBI, Milliman, Intelliscript & Foresters) 08/31/23
• Complaint (Progress, PBI & Prudential) 08/30/23
• Complaint (Progress & IBM) 08/30/23
• Complaint (Progress) 08/28/23
• Complaint (Progress & Maximus) 08/23/23
• Complaint (Progress, PBI & Talcott) 08/15/23
• Complaint (Progress & PBI [CalPERS]) 08/03/23
• Complaint (Progress & Johns Hopkins) 07/19/23
• Complaint (Progress & PBI [Genworth]) 06/28/23
• Complaint (Progress) 06/23/23

WHAT’S THE ISSUE?

In June 2023, hackers discovered a security vulnerability in MOVEit, a managed file transfer software owned by Progress Software, which they exploited to steal highly sensitive personal data from more than 600 organizations worldwide. It is estimated that 40 million people have been impacted by this data breach, which has compromised the data of more than 30 educational institutions, hundreds of companies and even some government agencies.

HOW DO I KNOW IF I’M AFFECTED?

If you have received a data breach notification letter, you may be impacted, and you can fill out the form to find out your rights. The data breach impacted hundreds of organizations, including at least 30 colleges and universities and Teachers Insurance and Annuity Association of America (TIAA), a financial services provider. Reports say that “the majority of schools” in the U.S. were likely affected by the data breach. Banks, manufacturing firms, airlines and other companies have also been impacted, exposing the data of millions of people around the country to hackers.

WHAT INFORMATION WAS STOLEN?

The hundreds of organizations impacted by the MOVEit data breach collected the following sensitive data from millions of people around the country:

• Contact information
• Dates of birth
• Social security numbers
• Pension information
• Medical records
• Billing data
• Banking information

MORE ABOUT THE MOVEit DATA BREACH

MOVEit is a software that organizations use to store, manage and distribute information, ostensibly securely. According to reports, because many of the organizations impacted by the data breach were handling data on behalf of others — as in the case of TIAA — who in turn got that data from third parties, the security vulnerability discovered in the MOVEit software allowed hackers to slip past the defenses of a vast, interconnected web of companies and institutions. New data breach impacts are still emerging, and the list of affected organizations continues to grow.

DATA BREACH IMPACTS

The estimated 40 million people whose data was stolen in the data breach must now take steps to protect themselves and mitigate the damages caused by the data breach. According to reports, identity theft is the most common consequence of a data breach and happens to about 65% of data breach victims. Consumers lost more than $56 billion to identity theft and fraud in 2020 alone, and over 75% of identity theft victims reported emotional distress.

Because Progress Software and many of the organizations that used MOVEit allegedly did not take the necessary steps to ensure that consumer data was adequately protected, victims of the 2023 data breach will be forced to take all steps possible to mitigate damages caused by the breach. 

LAWSUITS FILED

Hagens Berman has filed multiple lawsuits against Progress, PBI Research Services and other companies that are allegedly responsible for mishandling your sensitive personal data. As new facts continue to emerge, our consumer rights attorneys are pursuing every avenue to justice for the more than 40 million people impacted by the MOVEit data breach.

YOUR CONSUMER RIGHTS

According to the lawsuit, Progress Software advertised that files transferred using MOVEit would be done so securely. Yet the personal information of millions of people around the country was compromised by a single vulnerability in this widely used software, putting them at high risk for identity theft and ongoing fear of financial and personal anguish. Hagens Berman believes that consumers deserve swift and just action for the alleged negligence of Progress Software and other organizations involved in the 2023 data breach. The firm will investigate Progress Software and other organizations for negligence and violations of state and federal laws, and seeks to secure financial relief for the many consumers impacted by the breach.

TOP CONSUMER RIGHTS FIRM

Hagens Berman is one of the most successful consumer protection law firms in the U.S. and has achieved settlements valued at more than $320 billion in settlements against some of the nation's most powerful corporations and institutions. Hagens Berman is currently one of a select few firms chosen to finalize a settlement with T-Mobile for its 2021 data breach, in which the mobile carrier has agreed to pay $350 million into a settlement fund for customers.

NO COST TO YOU

In no case will any class member ever be asked to pay any out-of-pocket sum. In the event Hagens Berman or any other firm obtains a settlement that provides benefits to class members, the court will decide a reasonable fee to be awarded to the class's legal team.