Massachusetts Federal Court Denies Motion to Dismiss in MOVEit Data Security Breach MDL Cases

A federal court in Massachusetts has denied motions to dismiss in two bellwether cases related to the MOVEit data security breach, which affected over 2,500 organizations and 67 million individuals worldwide. The breach, linked to Progress Software Corp.'s file-sharing software, allegedly started in 2021 and was discovered in May 2023. Plaintiffs accuse Progress of failing to reasonably secure consumers' personal information. The court's rulings allow the multidistrict litigation to move forward.

A federal court in Massachusetts has denied motions to dismiss in two bellwether cases related to the MOVEit data security breach. The breach, linked to Progress Software Corp.'s file-sharing software, affected over 2,500 organizations and 67 million individuals worldwide. The case began in 2021 and was discovered in May 2023. Plaintiffs accuse Progress of failing to reasonably secure consumers' personal information. The court's rulings allow the multidistrict litigation to move forward.

The denial of the motions to dismiss comes amidst growing scrutiny of data security practices. In a recent settlement, Nuance Communications, a Microsoft subsidiary providing clinical documentation services, agreed to pay $8.5 million to settle a complaint stemming from the MOVEit data breach [1]. The settlement includes provisions for credit monitoring and reimbursement for documented losses.

This development highlights the increasing legal and financial burden on companies facing data breaches. According to a recent report, data breaches and non-compliance with security and privacy laws have cost companies nearly $4.4 billion [3]. Companies like Meta, Amazon, and Equifax have faced significant fines for data breaches, underscoring the seriousness of these issues.

The MOVEit breach underscores the need for robust data security measures. A recent vulnerability in Progress Software's Hybrid Data Pipeline Server, CVE-2025-6505, allows attackers to combine credentials from different sources, potentially leading to unauthorized access [2]. This vulnerability highlights the importance of timely patching and secure software practices.

The denial of the motions to dismiss in the MOVEit case is a significant milestone in the ongoing litigation. As the case proceeds, it will likely provide further insights into the responsibilities of companies in safeguarding consumer data and the potential liabilities associated with data breaches.

References:
[1] https://news.bloomberglaw.com/litigation/microsoft-unit-nuance-settles-moveit-claims-for-8-5-million
[2] https://nvd.nist.gov/vuln/detail/CVE-2025-6505
[3] https://www.csoonline.com/article/567531/the-biggest-data-breach-fines-penalties-and-settlements-so-far.html