Hatch Bank confirmed a data breach that compromised its customers’ personal data. The financial technology firm said hackers found a vulnerability in its internal file-transfer software. This allowed the hackers to access and steal around 140,000 customer names and social security numbers from Jan. 30-31, 2023.

Hatch is using Fortra’s GoAnywhere file-transfer platform. Many other large businesses also use GoAnywhere to share sensitive files.

Hatch Bank Left in the Dark About Software’s Vulnerability

In late January, Fortra issued a security advisory that revealed the vulnerability in its software. But the tech company did not make its advisory public. Users had to enter their login details to see it. It was security journalist Brain Krebs who shared details of the advisory to the public a few days later.

Hatch claims that Fortra did not inform it about this vulnerability until a day after Krebs’ report.

Who Is Behind the Data Breach?

While Hatch did not identify the group behind the security breach, the Clop ransomware gang is taking the credit. Clop claims it is behind the data breach and had already attacked over 130 organizations. But the information security and technology news agency could
not confirm the gang’s claims.

The Clop ransomware gang has already tried to demand a ransom of $10 million for stolen data.

How Did Hatch Bank Address the Cyberattack?

Hatch reported the incident to federal law enforcement authorities. It filed the report with the Office of the Maine Attorney General.

The fintech firm assured customers that it has taken immediate steps to secure its files after learning about the cyberattack. It also launched a comprehensive review of relevant files to assess the attack’s impact on customers’ information.

Additionally, Hatch is providing affected customers free access to credit monitoring services for one year. It is also implementing additional safeguards for its internal systems, including additional employee cybersecurity training.

The Bottom Line: Secure Software May Still Be Vulnerable

Many businesses and organizations use Fortra’s GoAnywhere file-transfer platform because it is secure. But even the most secure software and tools can still be vulnerable to attacks. That is because cybercriminals continue to advance their skills. And they use these skills to look for and exploit loopholes in the system. As such, businesses should not be complacent. They need to have contingency measures in place so they can protect their customers’ personal data in case of a security breach. These measures will help them retain customer confidence and protect their reputation.

Related Posts - TKS Blog

TKS Newsletter - 2025 February
Here's our February 2025 Newsletter Read the full PDF version here: The TKS Sentinel - February Issue In this month's edition, we discuss: Work-Specific Tools Windows 11...
Read more
common password mistakes
Password Management Tips For Businesses
Is Your Business Cyber Secure? Passwords are the front line of defense against cyberattacks. Yet, most businesses still struggle with password security—whether it’s employees using weak...
Read more
password protection in the era of AI
Password Security In The Age Of AI
The AI Threat to Password Security Artificial intelligence is revolutionizing many industries, but it’s also empowering cyber criminals. Recent studies reveal that AI can crack over...
Read more
tech news updates jan 2025
TKS Newsletter - 2025 January
Here's our January 2025 Newsletter Read the full PDF version here: The TKS Sentinel - January Issue In this month's edition, we discuss: New Tech Tools Malicious...
Read more

Used with permission from Article Aggregator