On February 3, 2023, Hatch Bank, a fintech banking platform for small businesses, announced that it had experienced a data breach. The breach exposed the personal information of nearly 140,000 customers, including names, Social Security numbers, and dates of birth.
The breach was caused by a vulnerability in the GoAnywhere MFT file-sharing platform, which is used by Hatch Bank to store and share customer files. The vulnerability was exploited by an unauthorized actor, who was able to access and download files containing customer information.
Hatch Bank discovered the breach on February 3, 2023, and immediately took steps to secure its systems and notify affected customers. The company has also offered free credit monitoring services to affected customers for one year.
This is the second confirmed data breach caused by the GoAnywhere MFT vulnerability. The first breach was reported by Community Health Systems (CHS) in February 2023.
The GoAnywhere MFT vulnerability has been patched by the vendor. However, it is important for organizations that use the platform to ensure that they have applied the patch and are taking other steps to protect their data.
Here are some tips for organizations that use file-sharing platforms:
Keep software up to date.
Use strong passwords and enable two-factor authentication.
Monitor network traffic for suspicious activity.
Educate employees about phishing emails and other social engineering attacks.
Have a plan in place to respond to a data breach.
By following these tips, organizations can help to protect their data from unauthorized access.
In addition to the personal information of nearly 140,000 customers, the Hatch Bank data breach also exposed the names and contact information of employees. The company has said that it is working with law enforcement to investigate the breach and that it will take steps to prevent it from happening again.
The Hatch Bank data breach is a reminder that no organization is immune to cyberattacks. By taking steps to protect their data, organizations can help to mitigate the risk of a data breach.
Here are some additional details about the Hatch Bank data breach:
The breach occurred between January 30 and January 31, 2023.
The unauthorized actor was able to access files containing customer names, Social Security numbers, dates of birth, and email addresses.
Hatch Bank has notified all affected customers and offered them free credit monitoring services for one year.
The GoAnywhere MFT vulnerability has been patched by the vendor.
Hatch Bank is working with law enforcement to investigate the breach.
Conclusion
The Hatch Bank data breach is a serious incident that has the potential to impact the financial security of thousands of people. If you are a customer of Hatch Bank, it is important to take steps to protect yourself from identity theft and other fraud. You can do this by:
Reviewing your credit reports for any unauthorized activity.
Placing a fraud alert on your credit reports.
Using a credit monitoring service.
Being vigilant about phishing emails and other scams.
