Software maker Sovos Compliance said MOVEit Transfer hack impacted over 215k customers

Massachusetts-based financial software company Sovos Compliance said it suffered a significant data breach after it became a victim of the exploitation of a zero-day vulnerability in Progress Software’s MOVEit Transfer web application.

Sovos Compliance, based out of Wilmington, Massachusetts, develops software solutions for tax determination, continuous transaction control compliance, and tax & regulatory reporting. It has several big ticket clients such as the Allegis Group, Barrett Business Services Inc., Delta Dental of Iowa, GreenSky, and Midland States Bank.

In a recent filing with the Office of the Maine Attorney General, Sovos said that it used the MOVEit software to send and receive files securely. On May 31, Progress Software notified that company that the Cl0p ransomware gang had exploited a then-unknown vulnerability and accessed certain files in a MOVEit server that contained sensitive personal details of the customers of Sovos’ clients.

“We recently determined that unauthorised actors exploited the then-unknown MOVEit vulnerability to download a file containing some of your personal information,” Sovos said in its regulator filing.

It said the compromised information included the names and other personal identifiers such as Social Security Numbers of any individuals who shared their personal information with Sovos’ clients, namely Allegis Group, Barrett Business Services Inc., Delta Dental of Iowa, GreenSky and Midland States Bank.  

In the first regulatory filing on July 13, Sovos said that at least 18,513 individuals were affected by the data breach. Later, in a separate filing, the company said that the incident impacted at least 215,114 individuals.

Sovos is offering 24 months of complimentary identity monitoring services, including credit monitoring and identity theft restoration services through Kroll to all affected individuals and has established a dedicated helpline to answer any queries affected people may have.

Earlier this month, Alogent Holdings, a Georgia-based software company, also revealed that it suffered a significant data breach after it became a victim of the exploitation of a zero-day vulnerability in Progress Software’s MOVEit Transfer web application.

As of now, more than 1,100 organisations worldwide have suffered significant data breaches after the Clop ransomware gang exploited Progress Software’s MOVEit Transfer web application.