Hatch Bank Suffers 140,000 SSN Data Breach via Fortra Bug Exploit

Hatch Bank confirmed that hackers exploited a zero-day vulnerability in their internal file transfer software to gain access to thousands of customer Social Security numbers. The company is working with the National Crime Agency (NCA) and other security firms to prevent further attacks.

This vulnerability allows attackers to access files stored on Fortra’s GoAnywhere platform without the victim’s authorization. The vulnerability was discovered by security journalist Brian Krebs, who published details of the vulnerability on February 2. Fortra subsequently released a security advisory advising users of the danger posed by this vulnerability and how to protect themselves.

The Clop ransomware gang claimed to have exploited the zero-day flaw, tracked as CVE-2023-0669, to steal data from more than 130 organizations. However, only Community Health Systems and Hatch Bank have thus far publicly disclosed being affected by the bug. It is likely that other organizations are also affected but haven’t yet made their vulnerability known. It remains to be seen how widespread this attack was and whether additional organizations will be revealed as victims in the future.

Hatch Bank disclosed that an attack on its GoAnywhere electronic banking system resulted in the theft of the personal information of close to 140,000 customers–630 of them living in Maine. While not all details surrounding the breach have been revealed, it is apparent that criminals used the vulnerability to gain access to this sensitive data. Whether this information was subsequently misused remains unknown, but it is important for individuals who may be affected by this incident to understand their rights and how they can protect themselves from identity theft and other types of fraud.

The fact that Hatch Bank was not made aware of the vulnerability in their GoAnywhere software until after it had been publicly disclosed suggests that the company may have been negligent in their security preparations. While Fortra, the company responsible for developing and marketing GoAnywhere, might be to blame for this lapse in communication, it also seems likely that Hatch Bank could have mitigated against any potential damage had they been notified sooner. In any case, further vigilance is clearly necessary when it comes to cyber security within corporations.

Hatch Bank customers are being urged to monitor their account activity for any unusual activity that may have occurred during the time period when hackers had access to Hatch’s account. Hatch Bank is taking measures to secure its files and has also notified federal law enforcement of the possible attack.

The bank said that it has worked hard to ensure that its customers are taken care of, and that they will not be left feeling vulnerable after the breach. The bank is providing those affected by the breach with access to free credit monitoring services, as well as unspecified “additional safeguards” internally. This should help make sure that their information is kept safe and secure. In addition, the bank plans to implement cybersecurity training for its employees in order to keep them up-to-date on the latest security threats.

Jer Wood, president at Hatch Bank, has stated that the bank plans to open up four new branches in the coming year. With such aggressive expansion, Hatch Bank may become a major player in the banking industry. Whether or not this proves successful is yet to be seen, but Wood’s commitment to customer service and innovation

The scale of the fallout from the GoAnywhere vulnerability remains unknown, but Clop’s claims suggest that many more victims have not yet come forward. Security experts were also quick to liken the flaw to an earlier zero-day flaw affecting Accellion’s legacy file transfer appliance (FTA), which was used to compromise a number of organizations, including Qualys, Shell, the University of Colorado, Kroger and Morgan Stanley.

Avatar photo
Zara Khan

Zara Khan is a seasoned investigative journalist with a focus on social justice issues. She has won numerous awards for her groundbreaking reporting and has a reputation for fearlessly exposing wrongdoing.

Articles: 847

Leave a Reply

Your email address will not be published. Required fields are marked *