Hackers took use of a recently found zero-day vulnerability in Fortran GoAnywhere MFT's secure file-sharing platform, according to a data breach uncovered by fintech company Hatch Bank.
Hatch Bank took quick action to secure its files before starting a thorough investigation into all pertinent files to identify any potentially sensitive information.
Name and Social Security number are among the details that may have been open to unauthorized access.
Hatch Bank stated that it is striving to put more safeguards in place and provide training for its staff.
The afflicted clients will have access to credit monitoring services through Cyberscout for a full year.
Source: https://securityaffairs.com/143085/data-breach/hatch-bank-goanywhere-mft-bug.html
TPRM report: https://scoringcyber.rankiteo.com/company/hatchbank
"id": "hat182781023",
"linkid": "hatchbank",
"type": "Breach",
"date": "03/2023",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'industry': 'Financial Services',
'name': 'Hatch Bank',
'type': 'Fintech Company'}],
'attack_vector': 'Exploitation of Zero-Day Vulnerability',
'data_breach': {'personally_identifiable_information': ['Name',
'Social Security '
'number'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Name',
'Social Security number']},
'description': 'Hackers exploited a zero-day vulnerability in Fortran '
"GoAnywhere MFT's secure file-sharing platform, potentially "
'exposing sensitive information including names and Social '
'Security numbers.',
'impact': {'data_compromised': ['Name', 'Social Security number']},
'response': {'communication_strategy': ['Credit monitoring services for '
'affected clients'],
'remediation_measures': ['Additional safeguards',
'Staff training'],
'third_party_assistance': ['Cyberscout']},
'title': 'Hatch Bank Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Zero-Day Vulnerability in Fortran GoAnywhere MFT'}