First Fed Bank suffered a data breach originating from a vulnerability in the MOVEit secure file transfer tool, exploited within its third-party business partner, Darling Consulting Group (DCG). The incident, reported by the Maine Office of the Attorney General on May 31, 2023, resulted in the potential exposure of personal information including names and Social Security numbers of 775 individuals, with 6 residents specifically affected in Rhode Island. While the breach did not involve ransomware or direct financial fraud, the exposure of Social Security numbers poses a significant risk of identity theft. In response, the bank offered 12-month memberships to Experian IdentityWorks Credit 3B as a protective measure for affected individuals. The breach highlights vulnerabilities in third-party file transfer systems and the cascading risks they pose to partner organizations and their customers.
TPRM report: https://www.rankiteo.com/company/bankfirstfed
"id": "ban1011091725",
"linkid": "bankfirstfed",
"type": "Breach",
"date": "5/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '775 individuals (6 in Rhode '
'Island)',
'industry': 'Financial Services',
'name': 'First Fed Bank',
'type': 'Bank'},
{'industry': 'Financial Advisory',
'name': 'Darling Consulting Group (DCG)',
'type': 'Business Partner / Consulting Firm'}],
'attack_vector': 'Exploitation of vulnerability in third-party software '
'(MOVEit)',
'customer_advisories': 'Offered identity theft protection services (Experian '
'IdentityWorks Credit 3B)',
'data_breach': {'data_exfiltration': 'Likely (personal information exposed)',
'number_of_records_exposed': '775',
'personally_identifiable_information': ['Names',
'Social Security '
'numbers'],
'sensitivity_of_data': 'High (includes Social Security '
'numbers)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)']},
'date_detected': '2023-05-31',
'description': 'The Maine Office of the Attorney General reported that First '
'Fed Bank experienced a data breach involving its business '
'partner, Darling Consulting Group (DCG), due to a '
'vulnerability in the MOVEit secure file transfer tool on May '
'31, 2023. The breach potentially exposed personal information '
'of 775 individuals, including names and Social Security '
'numbers, while 6 residents were specifically affected in '
'Rhode Island. Identity theft protection services were offered '
'in the form of a 12-month membership with Experian '
'IdentityWorks Credit 3B.',
'impact': {'brand_reputation_impact': 'Potential negative impact due to '
'exposure of sensitive personal data',
'data_compromised': ['Names', 'Social Security numbers'],
'identity_theft_risk': 'High (due to exposure of SSNs)',
'systems_affected': ['MOVEit secure file transfer tool']},
'post_incident_analysis': {'root_causes': 'Vulnerability in third-party '
'MOVEit secure file transfer tool'},
'references': [{'source': 'Maine Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'Maine Office of the '
'Attorney General (and '
'likely Rhode Island '
'authorities for 6 '
'affected residents)'},
'response': {'communication_strategy': 'Public disclosure via Maine Office of '
'the Attorney General',
'recovery_measures': 'Offered 12-month membership to Experian '
'IdentityWorks Credit 3B for affected '
'individuals'},
'title': 'First Fed Bank Data Breach via MOVEit Vulnerability (May 2023)',
'type': 'Data Breach',
'vulnerability_exploited': 'MOVEit secure file transfer tool vulnerability'}