We are aware of a vulnerability to the file transfer application MOVEit that has been impacting organisations and exposing personal data.
The National Cyber Security Centre (NCSC) is working with affected businesses to understand and respond to this incident.
We encourage all firms to:
- Check if they or any companies in their supply chain have used MOVEit and to understand the extent of any impact.
- Review the Indicators of Compromise (IOCs) and follow the risk remediation advice and patches. These can be found on the Progress website.
Any operational impacts due to this issue should be escalated via normal supervisory reporting processes. You are required to report incidents to the FCA.
For organisations directly affected, Progress (the Vendor of the MOVEit software) has issued advice on mitigating this vulnerability. See the NCSC website for regular updates on this incident.