The FCA has published a web page in relation to a vulnerability to the file transfer application MOVEit that has been impacting organisations and exposing personal data.
The National Cyber Security Centre (NCSC) is working with affected businesses to understand and respond to this incident. The FCA is encouraging all firms to:
- check if they or any companies in their supply chain have used MOVEit and to understand the extent of any impact; and
- review the Indicators of Compromise (IOCs) and follow the risk remediation advice and patches. These can be found on the Progress website. (Progress is the vendor of the MOVEit software.)
Any operational impacts due to this issue should be escalated via normal supervisory reporting processes. You are required to report incidents to the FCA.
For organisations directly affected, Progress has issued advice on mitigating this vulnerability. See the NCSC website for regular updates on this incident.