Hatch Bank says 140,000 customers had data stolen after breach

(Image credit: Avast)

Hatch Bank has become the second company to suffer the consequences of the data breach that happened at GoAnywhere MFT, once again demonstrating just how dangerous supply chain attacks can be.

The financial technology firm has filed a report with the Attorney General's office in which it said that threat actors took advantage of a flaw in GoAnywhere MFT to steal sensitive data on almost 140,000 customers.

"On January 29, 2023, Fortra experienced a cyber incident when they learned of a vulnerability located in their software," Hatch Bank told affected customers. "On February 3, 2023, Hatch Bank was notified by Fortra of the incident and learned that its files contained on Fortra’s GoAnywhere site were subject to unauthorized access."

You may like

GoAnywhere MFT is a popular file-sharing service developed by Fortra and used by large businesses to share sensitive files, securely.

According to Hatch, the attackers managed to obtain customer names, and Social Security Numbers. To help remedy the problem, the company is providing free access to credit monitoring services for 12 months, to affected customers.

Hatch did not say the name of the group behind the attack, but according to BleepingComputer, it was the Clop ransomware gang. The group confirmed the attack to the publication, saying it used a zero-day vulnerability in Fortra's GoAnywhere MFT secure file-sharing platform to steal data for almost a fortnight. The zero-day it mentions is CVE-2023-0669, a remote code execution flaw that was patched in early February this year.

> Clop ransomware hackers hit a million US healthcare customers

> Clop ransomware had a rather handy flaw for Linux users to exploit

> Here's a rundown of the best endpoint security

While BleepingComputer could not verify Clop’s claims, Huntress Threat Intelligence Manager Joe Slowik apparently found evidence that links GoAnywhere MFT and TA505, the hacking group known for deploying Clop ransomware.

Clop was also the one claiming responsibility for the attack on the initial major victim, Community Health Systems, saying the zero-day in GoAnywhere MFT allowed it to breach as many as 130 companies.

These are the best firewalls right now

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.