Entry Details

About the Entry

Category: 
Online > Web Feature Article > Industry > Mid Atlantic

Title of entry: 
MOVEit Meltdown: Using data to show how one cyber exploit campaign turned from bad to worse

Issue or Publication date:
1/16/2024

Publication name: 
Cybersecurity Dive

View Website home page:
https://www.cybersecuritydive.com/

Links to entry URLs

Please note: These URLs are only required for entries in the Online division categories, or digital entries in appropriate Overall Excellence, Design or All Content division categories.

Entry URL(s), if applicable:
Please enter a URL that will direct judges to the entry: 
https://www.cybersecuritydive.com/news/progress-software-moveit-meltdown/703659/

Entry Essay: 
After seven months of investigation, interviews and design work, Senior Reporter Matt Kapko and News Graphics Developer Julia Himmel delivered the most comprehensive analysis of the May 2023 MOVEit software security breach.

The ransomware group Clop infiltrated Progress Software’s MOVEit environments, stealing highly sensitive data. This attack led to 100 initial compromises that cascaded into breaches at nearly 2,300 organizations, with some victims affected three or four levels removed from the original file-transfer service.

Kapko and Himmel cross-referenced data from threat research firms Emsisoft and KonBriefing Research with victim organizations’ reports, breach disclosures from California and Maine, and filings with the SEC and the Department of Health and Human Services. The article and visualizations embedded in the story clearly explained how this exploit campaign unfolded and why one expert deemed it “the most successful public extortion campaign to date.”

Kapko’s reporting avoided the common trope of vilifying victims. Instead, he revealed that most affected organizations were bystanders using software within an ecosystem that tolerates security flaws as a cost of doing business. His narrative held Progress accountable, showing the victims were not directly at fault. Himmel’s step-by-step visualizations, with a vintage video game aesthetic, distilled the complex data web into engaging and accessible explanations, illustrating how a single breach rippled far beyond its original targets.

One of the most impactful visualizations depicted the breach at PBI, which spread to 63 customers. Of those, at least nine passed the breach along, ultimately compromising hundreds of additional organizations downstream. Its simplicity best embodies what Kapko and Himmel were trying to illustrate: how far damage can reach.

In total, the attack exposed the data of 93 million people, with some victims experiencing multiple breaches — one organization suffered six separate compromises. These findings, paired with interviews with a dozen cybersecurity experts, underscored the severity of the incident and the systemic vulnerabilities it exploited.

Despite limited responses from Progress Software, Kapko and Himmel’s collaboration offered readers unparalleled insights into the MOVEit attack. Their reporting highlighted the pressing need for accountability in the software industry, where security shortcomings continue to put organizations and millions of individuals at risk.