As CSO reports, Progress has disclosed a formal inquiry from the Securities and Exchange Commission into the widely exploited MOVEit vulnerability. Progress said it plans to cooperate fully with the SEC, which so far has requested “various documents and information” relating to the bug. The company noted that the SEC “fact-finding inquiry …does not mean that Progress or anyone else has violated federal securities laws.”

At the same time, as The Record points out, Progress also revealed that it has received 23 letters from customers seeking indemnification. Plus, Progress said that an unidentified insurance company is "seeking recovery for all expenses incurred in connection with the MOVEit vulnerability.” Progress added, “We have also been cooperating with several inquiries from domestic and foreign data privacy regulators, inquiries from several state attorneys general,” along with an investigation from an unnamed U.S. law enforcement agency.

As TechCrunch reports, while it was still unclear precisely how many MOVEit clients have been affected by the mass-hack, Emisoft counts 2,546 organizations that have confirmed an impact, spanning 64 million people.

The MOVEit hack may represent a fork in the road for ransomware tactics, as Business Insurance reports. Since the mass-hack, vendor risk has overtaken phishing to become Resilience clients’ most common point of failure. according to research from Resilience Cyber Insurance Solutions.

What’s more, as Dark Reading reports, Progress’s pain may alter how cyber insurers do business. Mark Millender, senior advisor for global executive engagement at Tanium, told the news website that the software company’s $15 million cyber insurance policy will raise premiums and tighten coverage requirements for others seeking coverage.