Ethical Hacking News
Microsoft-owned Nuance has agreed to pay $8.5 million to settle a class action lawsuit related to the sprawling MOVEit Transfer mega-breach, which affected roughly 1.225 million people.
Nuance has agreed to pay $8.5 million to settle a class action lawsuit related to the MOVEit Transfer mega-breach.The settlement will provide payments to affected individuals as well as credit-monitoring services.Nuance admitted no liability in the lawsuit, which claimed the company failed to secure personal information.The breach affected around 1.225 million people whose data was siphoned from Nuance's MOVEit environment.The settlement is modest compared to other class-action standards involving MOVEit breaches.
Nuance, a Microsoft-owned company that specializes in medical transcription and speech recognition systems, has agreed to pay $8.5 million to settle a class action lawsuit related to the sprawling MOVEit Transfer mega-breach.
The proposed deal was filed in a Massachusetts federal court last week, and it would provide payments to affected individuals as well as credit-monitoring services. The settlement is modest compared to other class-action standards involving MOVEit breaches, where payouts can stretch into the high single digits or even tens of millions.
Nuance had admitted no liability in the lawsuit, which claimed that the company failed to properly secure personal information later snatched by attackers exploiting Progress Software's MOVEit vulnerability. The victims included roughly 1.225 million people who had their data siphoned from Nuance's MOVEit environment.
The lawsuit also accused Nuance of negligence, arguing that the company could have prevented or at least blunted the incident with "reasonable data security measures." The plaintiffs pointed the finger at MOVEit developer Progress, claiming that the vendor hadn't made clear to users – including Nuance – that MOVEit wasn't a "set it and forget it" product when it came to securing transfers.
Nuance countered that it couldn't be negligent for relying on a trusted product already deployed by thousands of businesses and government entities worldwide. The firm stressed that it acted quickly once the flaw became public: taking its MOVEit instance offline, applying patches as Progress released them, and launching its own investigation.
Despite those repeated denials, Nuance opted to settle rather than roll the dice in court. The $8.5 million settlement will be a welcome relief for the company, which has been facing a swirl of legal action related to the MOVEit breach. The incident has since become one of the most litigated cyber incidents in US history, with Progress Software itself facing a swelling docket of lawsuits.
The MOVEit breach has also had far-reaching consequences for other organizations that use the software. For example, Amazon confirms that employee data was exposed in a leak linked to MOVEit vulnerability, while Cleo software patches have been found to be vulnerable to ransomware attacks.
In contrast, Nuance has consistently characterized itself as a victim, not a culprit, in the Clop campaign, which indiscriminately hoovered up files from exposed MOVEit servers worldwide. The settlement may finally close the book on Nuance's MOVEit headache, though the wider fight over liability in supply-chain breaches is still far from settled.
The proposed deal highlights the complexity of data security and the challenges faced by organizations when dealing with third-party software vulnerabilities. It also underscores the importance of proactive measures to prevent such incidents and protect sensitive information.
Furthermore, the settlement serves as a reminder that companies like Nuance must prioritize transparency and accountability in addressing data breaches. By settling the lawsuit rather than risking a protracted court battle, Nuance has demonstrated its commitment to providing redress to affected individuals while minimizing potential reputational damage.
In conclusion, the $8.5 million settlement between Microsoft-owned Nuance and the class-action plaintiffs marks an important step forward in addressing the consequences of the MOVEit breach. As organizations continue to grapple with the complexities of data security and supply-chain vulnerabilities, this incident serves as a reminder of the need for vigilance, proactive measures, and transparency in preventing such incidents.
Related Information:
https://www.ethicalhackingnews.com/articles/Microsofts-Nuance-Settles-MOVEit-Breach-Suit-for-85-Million-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/08/18/nuance_lawsuit/
https://www.msn.com/en-us/money/companies/microsofts-nuance-coughs-up-85m-to-rid-itself-of-moveit-breach-suit/ar-AA1KK7v1
https://apnews.com/article/technology-business-microsoft-corp-nuance-communications-inc-119b24cf06b78fc5028318221a9c859d
Published: Mon Aug 18 12:13:07 2025 by llama3.2 3B Q4_K_M
