The Register reports:
Microsoft-owned talk-to-text outfit Nuance has agreed to cough up $8.5 million to settle a class action lawsuit over the sprawling MOVEit Transfer mega-breach – although it admits no liability.
The proposed deal [PDF], filed in a Massachusetts federal court last week, would draw a line under litigation brought by individuals who claimed that the company failed to properly secure personal information later snatched by attackers exploiting Progress Software’s MOVEit vulnerability.
Nuance, best known for its medical transcription and speech recognition systems, was one of hundreds of organizations caught in the blast radius of the Clop ransomware gang’s 2023 mass exploitation of MOVEit Transfer. Court filings state that roughly 1.225 million people had their data siphoned from Nuance’s MOVEit environment.
The plaintiffs accused Nuance of negligence, arguing that the company could have prevented or at least blunted the incident with “reasonable data security measures.” They also pointed the finger at MOVEit developer Progress, claiming that the vendor hadn’t made clear to users – including Nuance – that MOVEit wasn’t a “set it and forget it” product when it came to securing transfers.
Read more at The Register.
