The MOVEit breach: what to know and what to do about it

by Jon Lober | NOC Technology

Is your data affected by the MOVEit attack?


What happened and how to respond to one of the largest known cybersecurity breaches.

The MOVEit breach is likely to be one of the largest in history. Here is how it might affect you and how you should respond.


If you are not already aware of the MOVEit Transfer breach, you likely will be soon. At last count, 46 million people and 600+ organizations were confirmed to have been impacted by this massive data breach, and that number is still rising. The FBI currently estimates that a sobering 3,000 organizations have been impacted in the US alone—most of them still unaware of the attack.


How did this happen?

MOVEit Transfer is a popular file management software designed to transfer sensitive information. In May 2023, a small line of malicious SQL code was discovered in MOVEit by Progress, the company behind MOVEit Transfer. That code allowed the Russian cybercrime group “Cl0p” to hijack some of the sensitive information flowing through MOVEit.


Once they had access to the information, Cl0p began to extort MOVEit clients—threatening to release their sensitive customer data unless they were paid. Unfortunately, Cl0p has proven good to its word and has since released enormous amounts of sensitive information.


Since that time, a staggering number of individuals have been potentially compromised through their pension funds, contractors, state DMVs, departments of social services, financial institutions, county governments, and universities.


Due to the seriousness of this incident, the National Institute of Standards and Technology (NIST) has assigned a severity score of 9.8 out of 10 (critical) to the breach in its National Vulnerability Database, and the U.S. State Department has levied a $10 million bounty against Cl0p.


Missourians have not dodged this cyber bullet. In August 2023, the Missouri Department of Social Services (DSS) confirmed that they had been compromised through this attack.


The DSS press release acknowledged that they were a downstream victim of the attack—although they did not use MOVEit software, one of their vendors (IBM) did, resulting in the breach of DSS data. In particular, Missouri citizens that coordinate their Medicaid coverage through DSS have likely been compromised.


What should you do if you have been compromised by the MOVEit data breach as an individual?

If you have been informed that your personal data has been potentially compromised, you should immediately change any passwords associated with the impacted email address and begin to monitor your accounts for any suspicious activity.


In addition, US citizens have the right to request one free credit report annually from Equifax, Experian, or TransUnion. Potential victims that believe that fraudulent activity may be occurring under their names are encouraged to check their credit reports and report any suspected identity theft to the Federal Trade Commission.


Finally, you can add a fraud alert to your credit report file in order to protect your credit information and prevent fraudsters from abusing your identity. Although this may slow down your own ability to obtain credit, it will also complicate the process for anyone attempting to fraudulently obtain credit in your name.


You can add the fraud alert to your account (free of charge) by contacting any of the credit reporting agencies listed above. You only need to notify one of the three. Whichever agency you contact will automatically notify the other two agencies.


How can you know if your business’s data has been compromised by the MOVEit data breach?

If you use MOVEit Transfer, you should have already been notified and taken the steps listed below in order to mitigate the impact of the attack. However, even if you do not use MOVEit, you could still be exposed if your vendors have been affected.


We recommend that all businesses contact their vendors to directly ask if they have been affected by the data breach. In addition, you should review your vendor contracts to make sure that they require immediate disclosure from your vendors if they are ever compromised.


How can you respond if your business’s data has been compromised by the MOVEit data breach?

If your business uses MOVEit Transfer, you should immediately follow the guidelines provided by Progress on their Vulnerability webpage. We will summarize their main points below, but all users should follow the detailed instructions on their webpage.


  1. Disable all HTTP and HTTPS traffic to your MOVEit Transfer environment.
    Use your firewalls to deny access to MOVEit Transfer on ports 80 and 443 until the patch is applied.
  2. Review, delete, and reset accounts.
    Delete any instances of files containing the “human2” prefix or “.cmdline” script files. Search the MOVEit Transfer servers for new files in the directories indicated by Progress. Remove unauthorized user accounts. Stop all active sessions. Review logs. Reset account credentials.
  3. Apply the software patch provided by Progress.
    You can find the most recent version of the patch on the Progress Vulnerability response website.
  4. Verify that all compromised files have been removed.
    Repeat step number two to check for indicators of compromise.
  5. Perform continuous monitoring.
    Keep abreast of how the vulnerability response continues at Progress’s update page.
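
Step two as a read-only sweep, added here as an example and not taken from Progress or the original article: the PowerShell function below (Find-TransferIndicator, a hypothetical name) lists files with the “human2” prefix, “.cmdline” files, and files created since a cutoff date, with a SHA-256 hash for each. The directory and cutoff are parameters you supply from the Progress advisory; the demo at the end runs against constructed file names in a temporary folder.

```powershell
# Added example (not Progress tooling). Find-TransferIndicator is a hypothetical helper.
function Find-TransferIndicator {
    param(
        [Parameter(Mandatory = $true)][string]$Path,     # directory named in the Progress advisory
        [Parameter(Mandatory = $true)][datetime]$Since   # start of the window under review
    )
    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        throw "Directory not found: $Path"
    }
    $cutoff = $Since.ToUniversalTime()
    # Errors are left visible on purpose: an unreadable folder is a gap in the sweep.
    Get-ChildItem -LiteralPath $Path -Recurse -File -Force |
        ForEach-Object {
            $reasons = @()
            if ($_.Name -like 'human2*')        { $reasons += 'human2 prefix' }
            if ($_.Extension -eq '.cmdline')    { $reasons += '.cmdline script file' }
            if ($_.CreationTimeUtc -ge $cutoff) { $reasons += 'new since cutoff' }
            if ($reasons.Count -gt 0) {
                # Hash each hit before anything is deleted so it can be matched later.
                $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
                [pscustomobject]@{
                    Reasons     = $reasons -join '; '
                    Path        = $_.FullName
                    CreatedUtc  = $_.CreationTimeUtc
                    ModifiedUtc = $_.LastWriteTimeUtc
                    SizeBytes   = $_.Length
                    Sha256      = $hash.Hash
                }
            }
        }
}

# Constructed demo: sample file names in a temporary folder, not real server paths.
$demo = Join-Path ([IO.Path]::GetTempPath()) ("ioc-demo-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $demo | Out-Null
'human2-constructed.txt', 'constructed.cmdline', 'default.htm' | ForEach-Object {
    Set-Content -Path (Join-Path $demo $_) -Value 'constructed sample'
}
# A cutoff in the future disables the "new since cutoff" rule, so only the two
# name-based indicators are reported and default.htm is skipped.
$hits = @(Find-TransferIndicator -Path $demo -Since (Get-Date).AddYears(10))
$hits | Format-Table Reasons, Path, Sha256 -AutoSize
Remove-Item -LiteralPath $demo -Recurse -Force
```

On a real server, pipe the function's output to Export-Csv and keep the report with your incident records before deleting any of the listed files.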