Three residents of Louisiana filed a lawsuit against Progress Software Corporation (PSC) on several counts including negligence, breach of third-party beneficiary, and unjust enrichment among others. The Progress Software lawsuit filed by plaintiffs Shavonne Diggs, Brady Bradberry, and Christina Bradberry is seeking actual damages, equitable relief, and lifetime credit-monitoring services among others.
Impact of the MOVEit Transfer cyber attack
The Progress software lawsuit alleged that the plaintiffs were facing an increased risk of identity theft, and fraud. It further alleged that the defendant Progress Software had not yet notified everyone who was affected by the breach originating in its enterprise.
The Progress Software lawsuit was filed on June 20, 2023, which stated that due to the improper security measures taken by the company, countless users’ data has been exposed to a well-known Russian cybergang, Cl0p ransomware group.
Details like names, addresses, Social Security Numbers, birthdates, and demographic data were exposed to cybercriminals and users on the dark web. Also, driver’s license numbers, vehicle registration data, and other financial information of individuals impacted by the MOVEit cyber attack were leaked.
Accusing Progress Software of not acting promptly, the Progress lawsuit read, “Progress had not yet sent direct notice to those who were affected by the breach, which may have begun in 2021 and was only discovered in May 2023.”
Information about the Progress Software lawsuit and plaintiffs
The plaintiffs Shavonne Diggs, Brady Bradberry, and Christina Bradberry were impacted by the MOVEit Transfer cyber attack through the state Department of Motor Vehicles, which is a customer of Progress.
Besides other damages, the plaintiffs will be seeking a declaratory judgment because they will likely bear out-of-pocket expenses. With the Progress Software lawsuit, they will be seeking restitution, disgorgement, attorney’s fees and costs, and injunctive relief, according to a Bloomberg Law report.
The Progress Software complaint was filed in the US District Court for the District of Massachusetts. They will be represented by Siri & Glimstad LLP under the case Diggs v. Progress Software Corp., D. Mass., No. 1:23-cv-11370.
Point number 12 noted in the Progress Software lawsuit alleged, “Plaintiffs’ and Class Members’ identities are now at risk because of PSC’s negligent conduct as the Private Information that PSC collected and maintained is now in the hands of data thieves and other unauthorized third parties.”
Another statement in the MOVEit complaint read, “Plaintiffs and class members relied on PSC to keep their Private Information confidential and securely maintained and to only make authorized disclosures of this information which Defendant ultimately failed to do.”
Progress Software lawsuit and the failed cybersecurity of file transfer platforms
The MOVEit cyber attack lawsuit also had a mention of previous cyber attacks on secure file transfer companies. It noted the cyber attack on Accellion and Fortra’s GoAnywhere by the same cyber gang, Clop.
It accused PSC of not taking adequate security measures despite having similar examples of data breaches on file transferring services. PSC did not just lack proper security measures but did not comply with the Federal Trade Commission guidelines.
The FTC deems it unfair to not include security in all business decision making leading to the violation of Section 5 of the FTCA, 15 U.S.C. § 45. The revised guidelines in the Federal Trade Commission Act warned about the need for properly disposing of personal information that is no longer needed, encrypting data system data, and understanding network vulnerabilities.
It is recommended in the revised FTCA guidelines to use an intrusion detection system to expose a breach as soon as it occurs. The Progress Software Corp. lawsuit alleged that the PSC failed to follow some or all of the industry best practices.