1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Hatch Bank says 140,000 customers had data stolen after breach

    From TechnologyDaily@1337:1/100 to All on Fri Mar 3 19:30:03 2023
    Hatch Bank says 140,000 customers had data stolen after breach

    Date:
    Fri, 03 Mar 2023 19:14:30 +0000

    Description:
    The Clop ransomware gang has taken credit for the attack.

    FULL STORY ======================================================================

    Hatch Bank has become the second company to suffer the consequences of the data breach that happened at GoAnywhere MFT, once again demonstrating just
    how dangerous supply chain attacks can be.

    The financial technology firm has filed a report with the Attorney General's office in which it said that threat actors took advantage of a flaw in GoAnywhere MFT to steal sensitive data on almost 140,000 customers.

    "On January 29, 2023, Fortra experienced a cyber incident when they learned
    of a vulnerability located in their software," Hatch Bank told affected customers. "On February 3, 2023, Hatch Bank was notified by Fortra of the incident and learned that its files contained on Fortras GoAnywhere site were subject to unauthorized access." Stealing Social Security numbers

    GoAnywhere MFT is a popular file-sharing service developed by Fortra and used by large businesses to share sensitive files, securely.

    According to Hatch, the attackers managed to obtain customer names, and
    Social Security Numbers. To help remedy the problem, the company is providing free access to credit monitoring services for 12 months, to affected customers.

    Hatch did not say the name of the group behind the attack, but according to BleepingComputer, it was the Clop ransomware gang. The group confirmed the attack to the publication, saying it used a zero-day vulnerability in
    Fortra's GoAnywhere MFT secure file-sharing platform to steal data for almost a fortnight. The zero-day it mentions is CVE-2023-0669, a remote code execution flaw that was patched in early February this year. Read more

    Clop ransomware hackers hit a million US healthcare customers


    Clop ransomware had a rather handy flaw for Linux users to exploit


    Here's a rundown of the best endpoint security

    While BleepingComputer could not verify Clops claims, Huntress Threat Intelligence Manager Joe Slowik apparently found evidence that links GoAnywhere MFT and TA505, the hacking group known for deploying Clop ransomware.

    Clop was also the one claiming responsibility for the attack on the initial major victim, Community Health Systems, saying the zero-day in GoAnywhere MFT allowed it to breach as many as 130 companies. These are the best firewalls right now

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/hatch-bank-says-140000-customers-had-data-stole n-after-breach


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)