On January 19, 2024, Jeffrey Goldenberg was named to the leadership team in the Progress Software MOVEit data-breach class action, one of the largest data breach lawsuits in the history of multidistrict litigation. U.S. District Judge Allison D. Burroughs for the District of Massachusetts appointed the Leadership Team to represent a proposed class of consumers against Progress Software after its alleged negligence led to the compromise of sensitive personal information of an estimated 75 million individuals. Data compromised in the 2023 MOVEit data breach includes contact information, dates of birth, social security numbers, pension information, medical records, billing data and banking information. More than 600 organizations were reportedly hacked, including banks, schools and government agencies. Since the announcement of the data breach, Goldenberg Schneider has filed class-action lawsuits against dozens of defendants including hospitals, healthcare providers, insurers, banks, and other major institutions. According to the lawsuit, in June 2023, hackers from the well-known Russian cybergang, Clop, discovered a security vulnerability in MOVEit, a managed file transfer software owned by Progress Software used by many organizations to store, manage and distribute information. Progress markets MOVEit as a software that “guarantees the security of sensitive files both at -rest and in-transit,” and promises data security compliance. However, the vulnerability had existed since 2021,but was never rectified due to Progress’s alleged negligence, and hackers were able to exploit this vulnerability and gain access to sensitive personal data collected by organizations that used the software. Because many of the organizations impacted by the data breach handle data on behalf of others, who in turn received that data from third parties, the security vulnerability discovered in the MOVEit software and Progress’s mismanagement of its data allowed hackers to slip past the defenses of a vast, interconnected web of companies and institutions. Attorneys say Progress failed those whose data was transferred and/or stored using the MOVEit software in several key manners, including its failure to monitor and maintain basic network safeguards, failing to maintain adequate data retention policies, not training staff on data security, failing to comply with industry standards of data security, and failing to encrypt users’ private Information, among other shortcomings that led to the compromised information of tens of millions of people.
Judge Burroughs interviewed 49 applicants for leadership positions. Mr. Goldenberg was named to the Plaintiff Vetting and Discovery Committee.