“Our financial liability arising from any of the foregoing (MOVEit exploits) will depend on many factors, including the extent to which governmental entities investigate the matter and limitations contained within our customer contracts; therefore, we are unable at this time to estimate the quantitative impact of any such liability with any reasonable degree of certainty,” Progress said.
Progress also said that it estimates operational losses from grieving customers as the company expects some of them could momentarily pull out of scheduled contracts.
“If customers or partners seek refunds, delay implementation of our products, delay payment, fail to pay us under the terms of our agreements, or terminate use of our products, we may be adversely affected both from the inability to collect amounts due and the cost of enforcing the terms of our contracts (including litigation related thereto),” Progress added.
Progress already has 23 affected customers who have indicated that they “intend to seek indemnification” from Progress and are likely to delay payments according to their contract terms, the company said.
Costs from MOVEit continue to pile up
The MOVEit hack has had a scarring effect on Progress’ reputation, with over 65 million customers worldwide suffering compromise of sensitive data. Last week, Sony and Flagstar Bank confirmed 6,000 and 800,000 new victims whose records were accessed in MOVEit-related incidents.
On September 25, BORN Ontario, a government-run birth registry in the Canadian province, confirmed the data of about 3.4 million people was exposed due to its use of the file-transfer service.