MOVEit Transfer Critical Vulnerability Update

To our customers and partners,

You may have heard of the recent MOVEit-related data breach that impacted multiple organizations, including Informatica and some of our customers. We’ve previously notified those customers who were affected and are sharing this update more broadly to our non-impacted customers and partners on Informatica’s response and key actions taken. If you are an Informatica customer and have not been notified or did not have a support case created related to MOVEit, this incident did not impact you. We want to assure you that our business systems are fully operational and no Informatica products were impacted by this vulnerability. Based on our investigation, no systems, networks, or data outside the single support transfer service described below were affected.

On May 31, 2023, one of our vendors, Progress Software, informed us they identified a critical vulnerability impacting their MOVEit software solution. This application was one of the ways Informatica’s Global Customer Support (GCS) transferred files and data externally between our technology environment and our customers, including uploading customer support files and downloading software patches.

While this vulnerability had limited impact on Informatica and its customers, we took the following key actions:

• Shortly after Progress Software reached out to us, we took our MOVEit system offline.
• We began conducting an internal investigation alongside our third-party forensic partner.
• Our investigation confirmed our MOVEit system was affected, and data was accessed by an unauthorized party.
• We directed customers to use an alternate process to upload files and within a few days of deactivating the server, we deployed a completely new instance of its MOVEit and applied all the patches recommended by Progress Software. All customers can resume using the MOVEit Transfer capability.
• We notified affected customers. To date, no customer has informed us that files downloaded by the third party contained sensitive personal data, personally identifiable information, protected health information, or personal financial information.  
• We continue monitoring Progress Software’s notifications and other guidance to apply mitigations and updates as they become available.
• We’ve also taken this opportunity to continue to strengthen our policies, practices, and technology to further protect against vulnerabilities.

As always, Informatica’s GCS Customer Support Guide instructs customers not to upload personal data, personally identifiable information, protected health information, or personal financial information. If you have any questions or concerns, please contact us at support@informatica.com. 

~ The Global Customer Support Team