Banking organization Hatch Bank announced a data leak of 140 thousand of its clients after the hackers attacked the Fortra Goanywhere MFT file exchange.
Hatch Bank is an American bank founded in 2005 in San Francisco, California. The company provides financial services for small and medium -sized businesses, as well as for private customers.
On January 29, Fortra was faced with an incident of cybersecurity and learned about vulnerability in its software. On February 3, the company notified us about the incident and reported that Hatch Bank data underwent unauthorized access, ”the Hatch Bank leakage said.
Bank representatives analyzed the stolen data and came to the conclusion that the attackers gained access to customer names and their social insurance numbers. The bank also added that it will provide an annual free access to the services of credit monitoring to all customers injured from leakage.
This is already the second confirmed data leak caused by cyber attack on Goanywhere MFT. Earlier, the major medical organization Community Health Systems (CHS) also reported about a million patients about a possible data leakage.
Although Hatch Bank did not reveal which of the attackers is responsible for the leak, we perfectly remember that the Fortra product was made by hackers from the Clop group. According to cyberbandites, they leaked data belonging to 130 organizations, but almost none of the organizations officially confirmed this (except for CHS and Hatch Bank).
Exploity for the vulnerability of the CVE-2023-0669, which was used in the attack on Goanywhere, was publicly released the day before Fortra released emergency security patch.