Nebraska Bank Settles MOVEit Breach Lawsuit for $2.4 Million
On March 4, 2026, a family-owned Nebraska bank agreed to a $2.4 million settlement to resolve a class-action lawsuit stemming from a 2023 MOVEit software breach that exposed customers’ personal data. The proposed settlement, seeking preliminary approval in the U.S. District Court for the District of Massachusetts, addresses claims that the bank failed to adequately protect sensitive information during the widespread cyberattack.
The MOVEit breach, attributed to the Clop ransomware group, exploited a zero-day vulnerability in the file-transfer software, impacting thousands of organizations globally. The Nebraska bank was among the financial institutions affected, leading to the exposure of customer data, including names, Social Security numbers, and financial details.
The settlement, if approved, would compensate affected individuals and cover legal fees, marking another financial repercussion for entities caught in the fallout of the MOVEit incident. The case underscores the ongoing legal and financial risks for organizations following large-scale cybersecurity breaches.
Source: https://www.law360.com/articles/2448949/neb-bank-reaches-2-4m-deal-to-settle-moveit-breach-suit
Nebraska Bank cybersecurity rating report: https://www.rankiteo.com/company/nebraska-bank
moveIT Software cybersecurity rating report: https://www.rankiteo.com/company/moveit-software
"id": "NEBMOV1772670591",
"linkid": "nebraska-bank, moveit-software",
"type": "Vulnerability",
"date": "3/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': 'Yes',
'industry': 'Banking',
'location': 'Nebraska, USA',
'name': 'Nebraska Bank (unnamed family-owned bank)',
'type': 'Financial Institution'}],
'attack_vector': 'Exploitation of zero-day vulnerability',
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': 'Names, Social '
'Security numbers',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information',
'Financial details']},
'date_publicly_disclosed': '2023',
'date_resolved': '2026-03-04',
'description': 'A family-owned Nebraska bank agreed to a $2.4 million '
'settlement to resolve a class-action lawsuit stemming from a '
'2023 MOVEit software breach that exposed customers’ personal '
'data. The bank was accused of failing to adequately protect '
'sensitive information during the cyberattack.',
'impact': {'brand_reputation_impact': 'Yes',
'data_compromised': 'Names, Social Security numbers, financial '
'details',
'financial_loss': '$2.4 million settlement',
'identity_theft_risk': 'Yes',
'legal_liabilities': 'Class-action lawsuit',
'payment_information_risk': 'Yes',
'systems_affected': 'MOVEit file-transfer software'},
'investigation_status': 'Settled',
'motivation': 'Financial gain, data exfiltration',
'post_incident_analysis': {'corrective_actions': 'Settlement agreement, '
'compensation for affected '
'individuals',
'root_causes': 'Failure to adequately protect '
'sensitive information, '
'exploitation of zero-day '
'vulnerability in MOVEit software'},
'ransomware': {'data_exfiltration': 'Yes', 'ransomware_strain': 'Clop'},
'references': [{'date_accessed': '2023-11-02',
'source': 'Cyber Incident Description'}],
'regulatory_compliance': {'legal_actions': 'Class-action lawsuit'},
'threat_actor': 'Clop ransomware group',
'title': 'Nebraska Bank MOVEit Breach Lawsuit Settlement',
'type': 'Data Breach',
'vulnerability_exploited': 'MOVEit file-transfer software zero-day '
'vulnerability'}