Hatch Bank confirmed a data breach that compromised its customers’ personal data. The financial technology firm said hackers found a vulnerability in its internal file-transfer software. This allowed the hackers to access and steal around 140,000 customer names and social security numbers from Jan. 30-31, 2023.

Hatch is using Fortra’s GoAnywhere file-transfer platform. Many other large businesses also use GoAnywhere to share sensitive files.

Hatch Bank Left in the Dark About Software’s Vulnerability

In late January, Fortra issued a security advisory that revealed the vulnerability in its software. But the tech company did not make its advisory public. Users had to enter their login details to see it. It was security journalist Brain Krebs who shared details of the advisory to the public a few days later.

Hatch claims that Fortra did not inform it about this vulnerability until a day after Krebs’ report.

Who Is Behind the Data Breach?

While Hatch did not identify the group behind the security breach, the Clop ransomware gang is taking the credit. Clop claims it is behind the data breach and had already attacked over 130 organizations. But the information security and technology news agency could
not confirm the gang’s claims.

The Clop ransomware gang has already tried to demand a ransom of $10 million for stolen data.

How Did Hatch Bank Address the Cyberattack?

Hatch reported the incident to federal law enforcement authorities. It filed the report with the Office of the Maine Attorney General.

The fintech firm assured customers that it has taken immediate steps to secure its files after learning about the cyberattack. It also launched a comprehensive review of relevant files to assess the attack’s impact on customers’ information.

Additionally, Hatch is providing affected customers free access to credit monitoring services for one year. It is also implementing additional safeguards for its internal systems, including additional employee cybersecurity training.

The Bottom Line: Secure Software May Still Be Vulnerable

Many businesses and organizations use Fortra’s GoAnywhere file-transfer platform because it is secure. But even the most secure software and tools can still be vulnerable to attacks. That is because cybercriminals continue to advance their skills. And they use these skills to look for and exploit loopholes in the system. As such, businesses should not be complacent. They need to have contingency measures in place so they can protect their customers’ personal data in case of a security breach. These measures will help them retain customer confidence and protect their reputation.

Related Posts - TKS Blog

TKS Newsletter - 2024 December
Here's our December 2024 Newsletter Read the full PDF version here: The TKS Sentinel - December Issue In this month's edition, we discuss: Ransomware Threats PDF Hijacking ...
Read more
5 New Trends from a Study on the State of AI at Work
5 New Trends of AI At Work
The pace of technological advancement is accelerating. This is not news to anyone wading through the ChatGPT craze. Artificial intelligence (AI) is at the forefront...
Read more
pitfalls of cyber attack
Avoid These Data Breach Damage Control Pitfalls
Data breaches are an unfortunate reality for businesses of all sizes. When a breach occurs, the immediate response is critical. How a company manages the...
Read more
voice technology options
Harnessing the Power of Voice Technology
Voice technology is quickly becoming one of the most valuable tools for businesses seeking to improve customer interactions, streamline operations, and cut costs. With...
Read more

Used with permission from Article Aggregator