Cyber Incident Victim: Honeywell International Inc.
Date: May 2023
Location: United States of America
Summary
Honeywell International experienced a data breach stemming from a vulnerability in the MOVEit file transfer application it utilized. An unauthorized party accessed the company's MOVEit server, compromising confidential consumer information. The incident did not impact Honeywell's internal IT network. The compromised data included personally identifiable information, which exposed affected individuals to an increased risk of identity theft and fraud. The company conducted an investigation and sent notification letters to all impacted persons.
Description
In or around May 2023, Progress Software, the creator of the MOVEit file transfer application, disclosed a previously unknown vulnerability within its software. This vulnerability provided a mechanism for unauthorized external actors to gain access to MOVEit servers and the information stored on them. Honeywell International Inc., a technology and manufacturing company based in Charlotte, North Carolina, utilized the MOVEit application for file transfer operations. In response to the public disclosure of the vulnerability by the software vendor, Honeywell launched an internal investigation to determine if its own implementation of MOVEit had been compromised. The company’s investigation confirmed that an unauthorized party had successfully exploited this vulnerability to access one of Honeywell’s MOVEit servers. This incident was isolated to the MOVEit application and did not impact Honeywell’s primary internal IT network, indicating the breach was contained to the specific third-party file transfer system.

The investigation undertaken by Honeywell determined that the unauthorized access to its MOVEit server resulted in the compromise of confidential information. The company confirmed that personally identifiable information pertaining to consumers was contained on the accessed server and was leaked as a result of the security incident. While Honeywell’s public notice did not enumerate the specific data types that were exfiltrated or viewed, the company acknowledged that the leaked information was sensitive in nature. The exposure of this confidential information placed the affected individuals at an increased risk of identity theft and various other types of fraud. The scope of the incident was defined by the contents of the specific MOVEit server that was breached, though the total number of affected individuals was not publicly disclosed in the initial notification.

Upon completion of its forensic investigation, Honeywell initiated a process to review all compromised files in detail. This review was necessary to identify precisely which consumers were impacted and to determine the exact nature of the information that was accessible to the unauthorized party. Following this analysis, Honeywell began sending out direct data breach notification letters to all individuals whose personal information was affected by the incident. These letters served to inform recipients that their data was involved in the breach and were intended to explain what specific information pertaining to them was leaked. The company publicly announced the breach on its website on June 16, 2023, through a notice entitled “Statement On Progress MOVEit,” which outlined the cause of the incident and the company’s response actions.

The data security incident was a direct result of a vulnerability in a third-party software product and not due to an inherent failure of Honeywell’s internal security systems. The company’s response followed a standard incident management protocol, beginning with an investigation triggered by an external vendor disclosure, leading to confirmation of unauthorized access, analysis of the impacted data, and culminating in consumer notification and public acknowledgment. The primary consequence of the event was the unauthorized access and leakage of sensitive consumer data stored on the file transfer server, necessitating formal communication to those whose privacy was potentially violated. Honeywell International Inc., a large corporation with operations in aerospace, building technologies, performance materials, and safety solutions, confirmed the breach originated from a weakness in the MOVEit application provided by Progress Software.
