Financial services companies [1] [2], including TD Ameritrade [1], Charles Schwab [1] [2], and Prudential [1] [2], are facing class action lawsuits over a zero-day vulnerability breach in MOVEit software [1]. The lawsuits accuse the companies of failing to secure personally identifiable information (PII) and negligence in protecting customer data [1].


The breach, attributed to the Cl0p ransomware group [1], compromised sensitive financial data of numerous organizations [1], including Disney [1] [3], Chase [1], and British Airways [1]. Progress Software [1] [2], the developer of MOVEit [1] [2], is also facing a class action lawsuit for negligence and breach of contract [1]. The plaintiffs are seeking compensation for potential fraud and expenses incurred in securing their identities [1].

The class action lawsuits against financial services companies affected by the MOVEit zero-day vulnerability breach are demanding payment for 10 years of identity theft monitoring service, as stolen Social Security numbers cannot be replaced [2]. The attacks on MOVEit servers by the Russian-speaking Clop group have impacted at least 49 million to 54 million individuals worldwide [2]. Progress Software [1] [2], the provider of MOVEit software [2], issued security patches to fix the flaw after the attacks [2]. Multiple organizations [2], including government contractor Maximus and state government agencies [2], have reported data breaches due to the attacks [2]. Lawsuits have been filed against organizations such as TIAA [2], Johns Hopkins University [2], CalPERS [2], and Progress Software [1] [2]. Prudential and Charles Schwab [2], along with its subsidiary TD Ameritrade [2], are the latest financial services giants to face lawsuits [2]. Prudential notified over 320,000 individuals of their exposed personal data and offered them prepaid credit and identity theft monitoring services [2]. A California resident has filed a complaint against Prudential [2], seeking damages and a security program overhaul [2]. TD Ameritrade and Schwab notified over 61,000 individuals of their compromised personal information and offered them prepaid credit and identity theft monitoring services [2]. A complaint has been filed against them [2], alleging negligence in protecting customer data and seeking unspecified damages [2].

Between June 2023 and the present day [3], over 600 data breaches occurred [3], affecting 40 million individuals worldwide due to the MOVEit Transfer vulnerability [3]. Threat actors exploited this zero-day vulnerability to steal or erase healthcare information [3], educational records [3], financial records [3], personal information [2] [3], Social Security numbers [2] [3], and insurance details [3]. The vulnerability was recently exploited on August 15, 2023 [3], exposing the healthcare information of the Colorado Department of Health Care Policy and Financing (HCPF) [3]. The vulnerability allowed unauthenticated remote users to perform SQL injection attacks on MOVEit servers [3], granting them access to sensitive records [3]. The breach affects primarily U.S.-based organizations [4], followed by companies in Germany [4], Canada [4], and the United Kingdom [4]. Financial service-related organizations make up a significant portion of the affected hosts [4]. The estimated cost of the breach is currently $9.9 billion [4], but it could potentially reach $65 billion if scaled [4].


The MOVEit zero-day vulnerability breach has had significant impacts on financial services companies and other organizations worldwide. The class action lawsuits highlight the importance of securing personally identifiable information and the potential consequences of negligence in protecting customer data. The breach has exposed millions of individuals to the risk of identity theft and fraud, leading to demands for compensation and identity theft monitoring services. The exploitation of the vulnerability has resulted in numerous data breaches and significant financial losses. Moving forward, organizations must prioritize cybersecurity measures and regularly update their software to mitigate the risk of similar breaches. The financial implications of the breach are substantial, emphasizing the need for robust security protocols and proactive measures to prevent future incidents.