1080*80 ad

Nuance Settles MOVEit Breach Lawsuit for $8.5M

Nuance Reaches $8.5 Million Settlement in MOVEit Breach Lawsuit

Nuance Communications, a prominent technology firm owned by Microsoft, has agreed to an $8.5 million settlement to resolve a class-action lawsuit stemming from the widespread MOVEit data breach. The breach exposed the sensitive personal and health information of millions of patients whose healthcare providers used Nuance’s services.

This settlement marks a significant development in the ongoing fallout from the MOVEit cyberattack, which impacted thousands of organizations globally.

The Core of the Breach: A Supply Chain Attack

The incident originated not from a direct attack on Nuance, but through a vulnerability in a third-party software it used: MOVEit Transfer. This file transfer tool, developed by Progress Software, contained a critical security flaw that was exploited by the notorious Clop ransomware gang in May 2023.

By targeting this single piece of software, cybercriminals gained unauthorized access to the data of countless organizations that relied on it. As a major provider of medical transcription and AI-powered healthcare solutions, Nuance handled vast amounts of Protected Health Information (PHI) on behalf of hospitals and clinics. The data compromised in the attack reportedly included:

  • Patient names and demographic information
  • Social Security numbers
  • Dates of birth
  • Medical information and health insurance details

The breach underscored the significant risks associated with software supply chains, where a vulnerability in one product can create a catastrophic ripple effect across hundreds of downstream companies.

Details of the Nuance Settlement

The proposed $8.5 million settlement fund is designed to provide compensation and credit monitoring services to affected individuals. If you received a notification that your information was compromised in the Nuance data breach, you may be eligible to file a claim.

Key provisions of the settlement include:

  • Reimbursement for Financial Losses: Claimants can receive up to $7,500 for documented out-of-pocket expenses directly related to the breach, such as costs for credit reports, bank fees, or losses from identity theft.
  • Compensation for Lost Time: The settlement provides for payments for time spent addressing issues caused by the breach. Individuals can claim up to five hours of lost time, compensated at $30 per hour, for a total of $150.
  • Free Credit Monitoring: All eligible class members can enroll in two years of free credit monitoring and identity theft protection services to help safeguard their financial and personal information moving forward.

It is crucial for affected individuals to act promptly. The deadline to submit a claim is May 20, 2024. A final approval hearing for the settlement is scheduled for July 17, 2024.

Actionable Steps to Protect Your Identity

Whether you were affected by this specific breach or not, data security incidents are a persistent threat. Taking proactive steps to protect your personal information is more important than ever.

  1. Monitor Your Financial Accounts and Credit Reports: Regularly review your bank statements, credit card bills, and free credit reports from Equifax, Experian, and TransUnion. Look for any suspicious activity, no matter how small.

  2. Consider a Credit Freeze: A credit freeze is one of the most effective ways to prevent criminals from opening new accounts in your name. It restricts access to your credit file, making it much harder for identity thieves to succeed. Freezing and unfreezing your credit is free of charge.

  3. Enroll in Offered Protection Services: If you are eligible for the free credit monitoring offered in this settlement, sign up immediately. These services actively scan for misuse of your Social Security number and other personal data.

  4. Be Vigilant Against Phishing Scams: Cybercriminals often use stolen information from data breaches to craft highly convincing phishing emails, texts, or phone calls. Be skeptical of unsolicited communications asking for personal information or urging you to click on a link.

  5. Use Strong, Unique Passwords: Implement a password manager to create and store complex, unique passwords for each of your online accounts. Enable multi-factor authentication (MFA) wherever possible for an added layer of security.

While this settlement provides a measure of recourse for victims, it also serves as a stark reminder of the fragile nature of digital data and the far-reaching consequences of a single software vulnerability.

Source: https://go.theregister.com/feed/www.theregister.com/2025/08/18/nuance_lawsuit/

900*80 ad

      1080*80 ad