Progress Software

Name: PRGS Exclusion Analysis
Creator: Ethical Capital

PRGS

Information Technology

exclusion reason

1 theme

Corporate Misconduct (1)

PRGS Information Technology Current as of April 2026

This page is part of our public exclusion list — a transparency tool that shows which companies we screen out and why. It is not investment advice, and it is not an accusation. But it is subject to change as our understanding of the facts evolves.

Extractive Business Models

Since Oct 2, 2024

Progress Software’s MOVEit Transfer file transfer solution contained a zero-day SQL injection vulnerability that was mass‑exploited by the Clop ransomware group in May 2023. The breach exposed sensitive data across hundreds of organizations, triggering multiple federal class action lawsuits consolidated in the District of Massachusetts. As of September 2025, the court has largely denied Progress Software’s motions to dismiss these claims.

The Securities and Exchange Commission opened a fact‑finding investigation into the incident in October 2023. While the SEC concluded its investigation in August 2024 without recommending enforcement action, the underlying civil litigation alleges that the company’s software security failures enabled widespread harm. This pattern of deploying business‑critical software with a vulnerability that enabled systemic data extraction fits the definition of a rent‑seeking platform that externalizes security costs onto its customers and their communities.

Sources:

investors.progress.com ↗ · journals.sagepub.com ↗ · therecord.media ↗ · cambridge.org ↗ · cybersecuritydive.com ↗ · hipaajournal.com ↗ · jdsupra.com ↗ · progress.com ↗ · progress.com ↗ · researchgate.net ↗

Research Sources 9 organizations

investors.progress.com ↗

External

journals.sagepub.com ↗

External

therecord.media ↗

External

cambridge.org ↗

External

cybersecuritydive.com ↗

External

External

External

External

External

Related Exclusions

Same Issue

Corporate Misconduct

See all companies →

Wondering what we do invest in?

Our strategies → Our process →

The Naughty List

A digest of changes to our exclusion list — new additions, removals, and the evidence behind them. We review the list continuously as new evidence surfaces.

RSS feed No spam · Unsubscribe anytime

Companies appear on our exclusion list based on our investment judgment — not because they've done anything illegal. This is a difference of values and opinion, not an accusation of wrongdoing. Exclusion does not constitute a recommendation against investing in any company, and absence from the list does not constitute a recommendation to invest.

This information is provided for educational and transparency purposes only and should not be relied upon as investment advice. Data is drawn from independent watchdogs, NGOs, government registries, and Ethical Capital's ongoing research — see Research Sources for the full list.

Ethical Capital LLC is a state-registered investment adviser in Utah (CRD #316032). Registration does not imply a certain level of skill or training.