Customers affected by the Hatch Bank data breach are suing the company, with US-based consumer rights law firm Wolf Haldenstein Adler Freeman & Herz LLP representing them.
The data of about 140,000 customers are perceived to be at risk because of the data breach involving Hatch Bank vendor Fortra.
“If you have received a recent notice of the data breach and have experienced recent concerning activity, it is possible that your personal medical information was compromised and is being offered for sale on the dark web,” warned the law firm.
Hatch Bank reported a data breach to the Maine Attorney General on February 28, 2023, following a warning from its cybersecurity vendor Fortra. The breach affected files containing sensitive consumer information stored on Fortra’s system, which were accessed without authorization by an unknown party.
As per Hatch Bank’s official statement, the breach resulted in the exposure of customers’ names and Social Security numbers. Hatch Bank promptly started sending out notifications to all affected individuals informing them about the breach and the potential compromise of their personal data.
Hatch Bank data breach: What data has been compromised?
“On February 3, 2023, Hatch Bank was notified by Fortra of the incident and learned that its files contained on Fortra’s GoAnywhere site were subject to unauthorized access. Fortra’s investigation determined that there was unauthorized access to the site account from January 30, 2023, to January 31, 2023,” said the Hatch Bank breach notice.
“Hatch Bank immediately took steps to secure its files and then launched a diligent and comprehensive review of relevant files to determine the information that may have been impacted. Hatch Bank then worked to identify contact information for the impacted individuals. That process completed on February 7, 2023.”
The bank has taken measures to provide free access to credit monitoring services for twelve months to affected individuals. This ensures that customers can monitor their credit reports and identify any fraudulent activities resulting from the data breach.
This is the second data breach confirmed following the GoAnywhere hack. Community Health Systems (CHS) disclosed the first data breach last month.
Hatch Bank data breach, GoAnywhere, and Clop ransomware
GoAnywhere MFT is a secure file transfer solution that facilitates the safe exchange of files and data between internal systems, business partners, and cloud services for organizations.
To prevent unauthorized use of the product, GoAnywhere MFT employs a licensing system that utilizes a proprietary encryption algorithm to secure the license file. The encrypted license file is then sent to GoAnywhere MFT, decrypted, and verified for authenticity.
The Clop ransomware gang exploited the zero-day vulnerability in Fortra’s GoAnywhere MFT file-sharing platform, accessing the data of 139,493 customers. Over 130 organizations have reportedly fallen victim to data theft by the Clop ransomware gang, which was responsible for the GoAnywhere breaches.
The vulnerability used by the Clop ransomware gang to carry out their attack has been identified and is now tracked as CVE-2023-0669. This vulnerability enables remote-code execution and allows attackers to access servers without the consent of the server owner.
“The attack vector of this exploit requires access to the administrative console of the application, which in most cases is accessible only from within a private company network, through VPN, or by allow-listed IP addresses, when running in cloud environments, such as Azure or AWS,” said a vulnerability assessment by PingSafe.
“A Zero-Day Remote Code Injection exploit was identified in GoAnywhere MFT. The attack vector of this exploit requires public internet access to the administrative console of the application,” said a Fortra customer advisory.
Cybersecurity firm Huntress linked the GoAnywhere MFT attacks to TA505, a known threat group that has previously utilized the Clop ransomware. The firm’s investigation of an attack involving the deployment of the TrueBot malware downloader revealed this connection.