Financial Firms Breached in MOVEit Cyberattacks Now Face Lawsuits

Financial services companies breached as a result of MOVEit zero-day vulnerability are facing a flurry of class action lawsuits over the exposure of sensitive customer financial data.

TD Ameritrade and Charles Schwab are the latest firms facing suits, this time in the US District Court in Nebraska by David Schultz, who on Aug. 23, filed a complaint accusing both corporations of failing to secure personally identifiable information (PII), recklessness with collected data, and other offenses, which he blames for the MOVEit compromise. Schultz is asking for compensation for exposing him and others to potential fraud, and the time and out-of-pocket expenses he and other victims incurred trying to secure their identities.

Just the previous week, on Aug. 15, Prudential was likewise hit with a class action lawsuit, this time in the US District Court in New Jersey by Bruce Parker, who is demanding a jury trial in his effort to get compensation for the company's failure to adequately protect its customers' PII in the wake of the MOVEit zero-day attacks.

Progress Software, the company behind the MOVEit File Transfer Software used to breach more than 150 organizations, is itself getting hauled into court due to a nationwide class action lawsuit of its own — accused of negligence, and breach of contract, among other misconduct.

The Cl0p ransomware group claimed responsibility for the massive zero-day exploit that led to the compromise of some of the world's most widely recognized organizations including Disney, Chase, BlueCross BlueShield, British Airways, Geico, and many more.