MOVEit 2023 Data Breach

Critical Severity 94 million+ records affected
CompanyMOVEit (Progress Software)
Breach DateMay 27, 2023
Disclosure DateMay 31, 2023
Records Affected94 million+

The 2023 MOVEit breach exploited a zero-day vulnerability in the popular file transfer software, affecting over 2,000 organizations and exposing data on 94+ million individuals.

What Happened

The Cl0p ransomware gang exploited a zero-day SQL injection vulnerability in MOVEit Transfer, a file transfer solution used by thousands of organizations worldwide.

The attackers didn't encrypt files or demand traditional ransoms. Instead, they stole data and threatened to publish it unless victims paid. Affected organizations included government agencies, financial institutions, healthcare providers, and major corporations.

What Data Was Exposed

  • Social Security numbers
  • Driver's license numbers
  • Financial account information
  • Health insurance data
  • Medical records
  • Employee information
  • Student records
  • Various PII depending on organization

Who Is Affected

Over 94 million individuals across 2,000+ organizations including Shell, BBC, British Airways, state DMVs, universities, and healthcare systems.

How to Check If You Were Affected

Organizations are required to notify affected individuals. Check breach notification websites for your state.

What You Should Do Now

  1. Check for breach notifications from organizations you've shared data with
  2. Monitor your credit reports
  3. Freeze your credit as a precaution
  4. Watch for targeted phishing
  5. Enroll in free monitoring if offered by affected organization

Last updated: January 13, 2026