With the continuous and rapid development of cloud computing, it becomes more popular for users to outsource largescale data files to cloud servers for storage and computation. However, data outsourcing brings convenience to users while it also causes certain security problems. The integrity of outsourced data needs to be periodically checked by users to protect their data. Also, the secure transfer of cloud data can avoid data losses to users. Aiming at solving these problems in the data outsourcing process, a provable data transfer scheme based on provable data possession and deletion is recently proposed by Xue et al. However, we found a security flaw in Xue et al.'s scheme. Concretely, the block tags can be forged in their scheme. In this article, we first give a brief review of Xue et al.'s scheme and then a detailed attack is shown. To remove the security flaw, an improved scheme is proposed. Furthermore, we replace the integrity checking protocol of their proposal with a more efficient protocol to improve the efficiency of data integrity auditing.