The software company at the center of the vast swarm of MOVEit file transfer system cyberattack litigation has proposed a framework for sorting the many federal lawsuits.
The federal courts have already centralized more than 100 MOVEit cyberattack cases under U.S. District Judge Allison Burroughs of the U.S. District Court for Massachusetts, and the courts are continuing to send "tag-along cases" her way.
Progress Software has suggested dividing the MOVEit Customer Data Security Breach cases into three main tracks, according to a document filed with the court:
- A corporate track for Progress Software and Ipswitch, the subsidiary in charge of MOVEit.
- A track for direct MOVEit users, such as Johns Hopkins University, Unum and Charles Schwab.
- A track for vendors that were using MOVEit to administer their own institutional customers' business. This track includes organizations such as Pension Benefit Information and TMG Health.
The proposed vendor track would have two main branches.
One branch could consist of vendor contracting entities, or companies like Jackson, MassMutual and Prudential that were the customers of the MOVEit vendors, and that were sued along with the vendors.
The other branch could consist of "vendor contracting entity customers," or MOVEit vendor customers that were sued without the vendors themselves being sued. The list of such customers that were sued without the vendors being sued are Continental Casualty, Lumico Life, Standard Insurance and Puritan Life.
The litigation is the result of successful efforts by the Cl0p ransomware organization to hack into systems supporting MOVEit sometime around May 2023.
What it means: Where you and your clients fit in the MOVEit litigation could affect what kinds of compensation and support services are available, or when any compensation actually gets paid, because some defendants could come under different state laws, be more aggressive than others, settle more quickly than others or have more resources than others to be used to compensate plaintiffs.
The Cl0P attack: Members of TA505, the group that spawned the Cl0p team, appear to speak Russian and are likely based in Russia or a country that's a member of the Commonwealth of Independent States, according to the Canadian Centre for Cyber Security.
Many financial services companies use MOVEit to administer the big, sensitive pools of data they use to run their businesses.
Because the MOVEit system has been so popular, the Cl0p attack on the system affected more than 26 million people associated with U.S. life insurers, annuity issuers and pension plan service providers.