Hatch Bank has become the second company to suffer the consequences of the data breach that happened at GoAnywhere MFT, once again demonstrating just how dangerous supply chain attacks can be.
The financial technology firm has filed a report with the Attorney General’s office in which it said that threat actors took advantage of a flaw in GoAnywhere MFT to steal sensitive data (opens in new tab) on almost 140,000 customers.
“On January 29, 2023, Fortra experienced a cyber incident when they learned of a vulnerability located in their software,” Hatch Bank told affected customers. “On February 3, 2023, Hatch Bank was notified by Fortra of the incident and learned that its files contained on Fortra’s GoAnywhere site were subject to unauthorized access.”
Stealing Social Security numbers
GoAnywhere MFT is a popular file-sharing service developed by Fortra and used by large businesses to share sensitive files, securely.
According to Hatch, the attackers managed to obtain customer names, and Social Security Numbers. To help remedy the problem, the company is providing free access to credit monitoring services for 12 months, to affected customers.
Hatch did not say the name of the group behind the attack, but according to BleepingComputer, it was the Clop ransomware gang. The group confirmed the attack to the publication, saying it used a zero-day vulnerability in Fortra’s GoAnywhere MFT secure file-sharing platform to steal data for almost a fortnight. The zero-day it mentions is CVE-2023-0669, a remote code execution flaw that was patched in early February this year.
While BleepingComputer could not verify Clop’s claims, Huntress Threat Intelligence Manager Joe Slowik apparently found evidence that links GoAnywhere MFT and TA505, the hacking group known for deploying Clop ransomware.
Clop was also the one claiming responsibility for the attack on the initial major victim, Community Health Systems, saying the zero-day in GoAnywhere MFT allowed it to breach as many as 130 companies.
Via: BleepingComputer (opens in new tab)
Originally published at www.theshocknews.com