The U.S. Securities and Exchange Commission (SEC) has decided against any enforcement action toward Progress Software over the widespread MOVEit file transfer system hack conducted by the Cl0p ransomware operation that compromised 95 million individuals, according to SC Media.
Such a decision from the SEC may have resulted from Progress Software's timely breach notification and cooperation with authorities, as well as the absence of intentional concealment of information surrounding the incident, said Critical Start Senior Manager of Threat Research Callie Guenther.
Guenther added that discovery of late incident disclosures and cybersecurity negligence have previously led to SEC action, as shown in the $35 million fine against Yahoo following a 2014 breach.
Despite the lack of penalties against Progress Software, organizations have been urged by Zimperium Vice President of Product Strategy Krishna Vishnubhotla to extensively evaluate third-party apps.
"The MOVEit Transfer incident ... starkly underscores the need for rigorous security assessments both during procurement and when updates are delivered by third parties," Vishnubhotla said.
