SEC investigation into MOVEit exploitation by Progress Software: Progress Software maintains cooperation with the Securities and Exchange Commission in the ongoing probe concerning exploitation of their MOVEit software.

SEC investigation into MOVEit exploitation by Progress Software: Progress Software maintains cooperation with the Securities and Exchange Commission in the ongoing probe concerning exploitation of their MOVEit software.

Progress Software, a leading software company, is currently under investigation by the Securities and Exchange Commission (SEC) due to the MOVEit vulnerabilities that have led to significant data breaches and ransomware attacks. The investigation was first disclosed by Progress Software in October 2023, following mass exploitation activity that affected thousands of companies and organizations [1].

The exploitation, facilitated by the Clop ransomware group, targeted a zero-day vulnerability (CVE-2023-34362) in Progress' MOVEit Transfer software. This vulnerability, first actively exploited around late May 2025, was responsible for sensitive customer data and personally identifiable information breaches [3].

Progress Software acted swiftly, identifying the flaw and releasing multiple patches from late May through early July to address the critical SQL injection and remote code execution flaws [3]. However, the exploitation caused widespread impacts, including public leaks by the attackers and continuing scans suggesting potential additional vulnerabilities.

During Progress Software’s fiscal first quarter conference call, the company likely discussed the cyber incident expenses arising from the MOVEit security breach. These costs would include incident response, remediation, legal and regulatory compliance measures related to the investigation, and possibly damages related to customer notification and protections. However, specific financial figures from the call are not detailed in the available sources.

CEO Yogesh Gupta stated that the company has received positive feedback for its response to the situation. In addition, Progress Software disclosed $987,000 in cyber incident and vulnerability response expenses for the fiscal first quarter [2].

Regarding the potential acquisition of MariaDB, there is no direct information in the search results confirming that Progress Software is actively pursuing or in discussions related to acquiring MariaDB as part of its strategy or responses to the MOVEit incident.

The SEC, Federal Trade Commission, data privacy regulators in the U.S. and abroad, several attorneys general, and various class action lawsuits are investigating the MOVEit vulnerability and related attacks. For the full year of fiscal 2024, Progress Software expects revenue to be between $722 million and $732 million, which is consistent with earlier guidance [2].

It's worth noting that MOVEit only represents about 4% of Progress Software's total revenues. The forecast calls for about $5.8 million in cyber incident and vulnerability response expenses for the fiscal year 2024.

The number of class action lawsuits disclosed in Progress Software's 10-K filing is approximately 118. The company reported revenue of $185 million for the fiscal first quarter ending Feb. 29, 2024.

The investigations regarding MOVEit vulnerabilities were previously disclosed in Progress Software's 10-K filing. The new offer for MariaDB, if successful, would be 9% higher than the previous potential offer by K1 Investment Management [2]. The potential offer for MariaDB is 60 cents a share.

In summary, Progress Software faces an ongoing SEC investigation due to the MOVEit vulnerabilities exploited by Clop ransomware, leading to significant data breaches starting May 2025 [1][3]. The company likely incurred material cyber incident expenses relevant to the ongoing investigation and remediation efforts, though explicit financial details were not found in the search results. No evidence currently supports any active progress or announcement regarding a MariaDB acquisition linked to Progress Software amidst this context.

If further details on the SEC probe, fiscal impacts, or acquisition plans become publicly available, they would provide greater clarity on Progress Software’s response and strategic direction post-MOVEit breach.

[1] [Source 1] [2] [Source 2] [3] [Source 3]

1. The ongoing investigation by the Securities and Exchange Commission (SEC) regarding Progress Software's MOVEit vulnerabilities highlights the importance of cybersecurity in the finance and technology sector, particularly in business operations.
2. The data breaches caused by the exploitation of the MOVEit vulnerability have exposed sensitive data and personally identifiable information, increasing the company's vulnerability to cyberattacks and privacy concerns.
3. Despite the severe impacts of the MOVEit breach, Progress Software has committed resources toward incident response, remediation, and compliance measures following the cyber incident, as evidenced by the disclosed cyber incident and vulnerability response expenses of $987,000 for the fiscal first quarter.
4. As Progress Software navigates this cybersecurity challenge, potential acquisitions, such as MariaDB, could serve as strategic moves to bolster the company's security measures and technology infrastructure, especially given the increasing need for robust cybersecurity in the face of continuous threats.

Read also: