FCA publishes a warning about the use of MOVEit software

The FCA has published a web page in relation to a vulnerability to the file transfer application MOVEit that has been impacting organisations and exposing personal data.

The National Cyber Security Centre (NCSC) is working with affected businesses to understand and respond to this incident.  The FCA is encouraging all firms to:

  • check if they or any companies in their supply chain have used MOVEit and to understand the extent of any impact; and
  • review the Indicators of Compromise (IOCs) and follow the risk remediation advice and patches. These can be found on the Progress website. (Progress is the vendor of the MOVEit software.)

Any operational impacts due to this issue should be escalated via normal supervisory reporting processes. You are required to report incidents to the FCA.

For organisations directly affected, Progress has issued advice on mitigating this vulnerability. See the NCSC website for regular updates on this incident.

UKGI is a trading style of UKGI Limited and UKGI Services Limited which are wholly owned subsidiaries within UKGI Group Ltd. UKGI Limited Registered in England No. 03544014. UKGI Services Limited registered in England No. 04953835. All Registered Offices Number 22 Mount Ephraim, Tunbridge Wells, England TN4 8AS. VAT registration number 347 2664 82.