MDL bellwether cases are the first to address the largest data breach in 2023.
BOSTON, MA / ACCESS Newswire / July 31, 2025 / Today, a Massachusetts federal court largely denied the motions to dismiss in two bellwether cases against Progress Software Corporation and other defendants in In Re: MOVEit Customer Data Security Breach Litigation- a large multidistrict litigation (MDL) involving dozens of class actions from around the country and hundreds of defendants. The massive data breach, which was discovered in May 2023 and allegedly linked to Progress Software Corp.'s file-sharing software, MOVEit Transfer, impacted more than 2,500 organizations and more than 67 million individuals worldwide.
Allegedly starting as early as 2021, a ransomware group known as Clop (aka C10p) hacked the MOVEit Transfer servers, stealing customers' sensitive data stored within. Affected entities include hospitals, banks, businesses, governments, pension funds, universities, among others. Plaintiffs in the MDL accuse Progress of failing to reasonably secure consumers' personal information.
"Today's ruling is an incredibly important and promising first step toward justice for the thousands of organizations and millions of individuals impacted by the MOVEit data breach," said Doug McNamara, a consumer protection partner at Cohen Milstein and one of five co-leads overseeing the MDL.
For each of the two bellwether cases, the court issued one orders that largely complemented each other. In MDL Order No. 22 (Progress Software), the court largely denied Progress Software's motion to dismiss, including plaintiffs' claims related to negligence, breach of contract, unjust enrichment and many of the state-related unfair business practices and breach of consumer protection claims. In MDL Order No. 23 (PBI, Delta Dental, Maximus, Welltok), the court largely denied bellwether defendants PBI, Delta Dental, Maximus, and Welltok's motions to dismiss largely along the same lines as Progress Software.
The five-member court-appointed leadership team includes Doug McNamara of Cohen Milstein Sellers & Toll PLLC; Charlie Schaffer of Levin Sedran & Berman LLP; Karen Reibel of Lockridge Grindal Nauen PLLP; Gary Lynch of Lynch Carpenter, LLP; E. Michelle Drake of Berger Montague; and Kristen Johnson of Hagens Berman Sobol Shapiro LLP.
###
About Cohen Milstein Sellers & Toll PLLC
Cohen Milstein Sellers & Toll PLLC, a premier U.S. plaintiffs' law firm, with over 100 attorneys across eight offices, champions the causes of real people - workers, consumers, small business owners, investors, and whistleblowers - working to deliver corporate reforms and fair markets for the common good. For more information visit www.cohenmilstein.com.
Press Contact: cohenmilstein@berlinrosen.com
SOURCE: Cohen Milstein Sellers & Toll PLLC
View the original press release on ACCESS Newswire:
https://www.accessnewswire.com/newsroom/en/business-and-professional-services/federal-court-says-moveit-data-security-breach-mdl-can-move-forw-1055428
