FCA warns firms of MOVEit vulnerability
The UK Financial Conduct Authority (FCA) has issued a warning to firms regarding a vulnerability in the file transfer application MOVEit.
The vulnerability has been impacting organisations and exposing personal data. The National Cyber Security Centre (NCSC) is working with affected businesses to understand and respond to this incident.
The FCA encourages all firms to:
- Check if they or any companies in their supply chain have used MOVEit and understand the extent of any impact.
- Review the Indicators of Compromise (IOCs) and follow the risk remediation advice and patches. These can be found on the Progress website.
Any operational impacts due to this issue should be escalated via normal supervisory reporting processes. Firms regulated by the FCA are required to report incidents to the regulator.
For organisations directly affected, Progress (the vendor of the MOVEit software) has issued advice on mitigating this vulnerability. The NCSC website provides regular updates on this incident.
Criminals have exploited a vulnerability in Progress Software’s MOVEit file transfer app, which is used by thousands of organisations around the world.
A number of organisations whose supply chains use the MOVEit app have suffered a data breach as a result, with customer data being stolen. The stolen information relates to employees at a number of organisations, including Ofcom, Transport for London, BBC, Boots and British Airways.