Hatch Bank says 140,000 customers had data stolen after breach - Latest trending news

Hatch Bank has become the second company to suffer the consequences of the data breach that happened at GoAnywhere MFT, once again demonstrating just how dangerous supply chain attacks can be.

The financial technology firm has filed a report with the Attorney General’s office in which it said that threat actors took advantage of a flaw in GoAnywhere MFT to steal sensitive data (opens in new tab) on almost 140,000 customers.

“On January 29, 2023, Fortra experienced a cyber incident when they learned of a vulnerability located in their software,” Hatch Bank told affected customers. “On February 3, 2023, Hatch Bank was notified by Fortra of the incident and learned that its files contained on Fortra’s GoAnywhere site were subject to unauthorized access.”

GoAnywhere MFT is a popular file-sharing service developed by Fortra and used by large businesses to share sensitive files, securely.

According to Hatch, the attackers managed to obtain customer names, and Social Security Numbers. To help remedy the problem, the company is providing free access to credit monitoring services for 12 months, to affected customers.

Hatch did not say the name of the group behind the attack, but according to BleepingComputer, it was the Clop ransomware gang. The group confirmed the attack to the publication, saying it used a zero-day vulnerability in Fortra’s GoAnywhere MFT secure file-sharing platform to steal data for almost a fortnight. The zero-day it mentions is CVE-2023-0669, a remote code execution flaw that was patched in early February this year.

While BleepingComputer could not verify Clop’s claims, Huntress Threat Intelligence Manager Joe Slowik apparently found evidence that links GoAnywhere MFT and TA505, the hacking group known for deploying Clop ransomware.

Clop was also the one claiming responsibility for the attack on the initial major victim, Community Health Systems, saying the zero-day in GoAnywhere MFT allowed it to breach as many as 130 companies.

Via: BleepingComputer (opens in new tab)

Denial of responsibility! TheShockNews is an automatic aggregator around the Global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email: [email protected] The content will be deleted within 24 hours.

Originally published at www.theshocknews.com

Hatch Bank says 140,000 customers had data stolen after breach – Latest trending news

Related

Recent Articles

This new Android trojan is targeting all your mobile bank accounts – Latest trending news

Amanda Bynes’ Family BANS Her From Seeing Ex Paul Michael! But WHY??

Best Zombie Movies of All Time

Grant Denyer shares update on daughter’s health battle

Baidu Unveils New Capabilities for ‘Ernie’ Chatbot in Closed-Door Meeting – Latest trending news

Leave A Reply Cancel reply