Progress Software is facing two separate potential class action lawsuits in connection with a SQL injection vulnerability in MOVEit file transfer software. The lawsuits allege the company’s negligence led to the breach, which puts their personal financial data at risk.
A suit filed June 15 in U.S. District Court for the Eastern District of Louisiana alleges the vulnerability led to the breach of the state Office of Motor Vehicles.
State officials announced the breach that same day, warning Louisiana drivers that their names, addresses, dates of birth, driver’s license numbers, social security numbers, vehicle registrations and other information was likely stolen.
Officials said at the time they had no information the data had been sold or used for fraudulent purposes. About 6 million records were exposed.
The plaintiff, Orleans Parish resident Jason Berry, alleges his personal data was put at risk by the breach.
Berry alleges the company also failed to promptly notify potential victims of the risk of exposing their personal information. The suit seeks class action status for others impacted by the breach.
A separate case filed June 20 in the U.S. District Court for the District of Massachusetts was also on behalf of three Louisiana residents: Shavonne Diggs, and Brady and Christina Bradberry.
The class exceeds 100 people and the plaintiffs are seeking upwards of $5 million, according to the complaint.
The Massachusetts case alleges the New Bedford-based company failed to adhere to Federal Trade Commission guidelines for data security, failed to protect customer data and failed to properly monitor its own internal systems.
A spokesperson for MOVEit, declined to comment on the allegations, saying, “Our focus remains on working closely with customers so they can take the steps needed to further harden their environments, including the patches we have released.”