Abrigo experienced a critical incident on May 31, 2023 affecting File Transfer (transfer.abrigo.com), lasting 1h 39m. The incident has been resolved; the full update timeline is below.
Affected components
Update timeline
- identified May 31, 2023, 08:33 PM UTC
Today, May 31, 2023, we were notified of a vulnerability with MOVEit Transfer, a tool provided by Progress Software that is used to receive and move files sent from customers to their final destination. Once notified, we immediately disabled MOVEit Transfer’s ability to receive files from customers. We also assessed MOVEit Transfer’s activity over the last 30 days and found no abnormalities. Our Cybersecurity teams are continuously monitoring all traffic, and no known customer impact from the vulnerability exists at this time. Many Abrigo clients use MOVEit EZ to transfer files to Abrigo. While your version of MOVEit EZ isn’t affected, the connection to Abrigo is disabled and files will not flow into Abrigo software until this issue is resolved. At this time, we are actively working with the MOVEit vendor, Progress, to understand their timing for a security patch. We will make updates to the Abrigo Community as we know more about this issue and timing for a resolution.
- resolved May 31, 2023, 10:13 PM UTC
The security patch for MOVEit Transfer May 31 vulnerability has been successfully implemented across Abrigo instances of MOVEit. File transfers have resumed, and no action is required by your institution. Our Cybersecurity teams are continuously monitoring all traffic, and no known customer impact from the vulnerability exists at this time. For more information, please refer to Abrigo Community