On June 16, 2023, Honeywell International Inc. (“Honeywell”) posted a notice on its website describing a data breach resulting from a vulnerability in MOVEit, a file transfer application used by Honeywell. In this notice, Honeywell explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information. Upon completing its investigation, Honeywell began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.

If you received a data breach notification from Honeywell International Inc., it is essential you understand what is at risk and what you can do about it. While this data security incident did not impact Honeywell’s IT network, it did involve an unauthorized party accessing Honeywell’s MOVEit server. And, as Honeywell confirmed, certain confidential information stored on the MOVEit server was leaked, exposing victims to an increased risk of identity theft and other frauds. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft as well as discuss your legal options following the Honeywell data breach. For more information, please see our recent piece on the topic here.

What Caused the Data Breach Affecting Honeywell?

The MOVEit / Honeywell data breach was only recently announced, and more information is expected in the near future. However, Honeywell’s website notice entitled “Statement On Progress MOVEit” provides some important information on what led up to the breach. According to this source, Honeywell uses a popular file transfer web application called MOVEit, which was created by Progress Software.

Back in May 2023, Progress Software disclosed a previously unknown vulnerability within MOVEit. This vulnerability allowed hackers to access MOVEit servers, as well as the information contained on these servers.

In response to learning about the MOVEit vulnerability, Honeywell launched an investigation, which confirmed that one of Honeywell’s MOVEit servers was accessed by an unauthorized party. The Honeywell investigation also determined that personally identifiable information was contained on the servers.

After learning that sensitive consumer data was accessible to an unauthorized party, Honeywell reviewed the compromised files to determine what information was leaked and which consumers were impacted. In its notice, Honeywell did not state what data types were leaked. However, Honeywell indicated that it had sent out data breach letters to anyone who was affected by the recent data security incident, explaining what information was leaked.

More Information About Honeywell International Inc.

Honeywell International Inc. is a technology and manufacturing company based out of Charlotte, North Carolina. The company is organized into four segments: Aerospace; Home and Building Technologies; Performance Materials and Technologies; and Safety and Productivity Solutions. Honeywell serves clients in a range of industries, including aerospace, building technologies, energy, healthcare, life sciences, logistics and warehousing, retail and utilities. Honeywell employs more than 97,000 people and generates approximately $35 billion in annual revenue.