The Maine Office of the Attorney General disclosed that Northfield Bank suffered a data breach between May 27 and May 31, 2023, stemming from vulnerabilities in the MOVEit Transfer application used by a third-party vendor. Unauthorized actors gained access to sensitive personal information, including names, account numbers, Social Security numbers, and online banking usernames of 4,112 individuals, with at least one Maine resident confirmed as potentially affected. The breach was formally reported on September 7, 2023. In response, Northfield Bank is providing two years of credit monitoring services to impacted individuals to mitigate risks of identity theft or financial fraud. The incident highlights the bank’s exposure to third-party software vulnerabilities, raising concerns about supply-chain cybersecurity risks. While the breach did not result in immediate financial losses or operational disruptions, the exposure of highly sensitive financial and personal data poses long-term risks for affected customers, including potential fraud, phishing attacks, or unauthorized account access. The bank’s proactive measures aim to restore trust, but the incident underscores the broader challenges financial institutions face in securing customer data against evolving cyber threats.
TPRM report: https://www.rankiteo.com/company/northfield-savings-bank-vt
"id": "nor010091825",
"linkid": "northfield-savings-bank-vt",
"type": "Breach",
"date": "5/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '4,112 (including 1 Maine '
'resident)',
'industry': 'Banking',
'location': 'United States (including Maine)',
'name': 'Northfield Bank',
'type': 'Financial Institution'}],
'attack_vector': 'Exploitation of third-party software vulnerability (MOVEit '
'Transfer)',
'customer_advisories': ['Credit monitoring services offered for 2 years'],
'data_breach': {'data_exfiltration': 'Yes (unauthorized access confirmed)',
'number_of_records_exposed': '4,112',
'personally_identifiable_information': ['names',
'Social Security '
'numbers',
'online banking '
'usernames'],
'sensitivity_of_data': 'High (includes SSNs and account '
'numbers)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Financial Information']},
'date_publicly_disclosed': '2023-09-07',
'description': 'The Maine Office of the Attorney General reported that '
'Northfield Bank experienced a data breach involving '
'unauthorized access to certain personal information between '
'May 27 and May 31, 2023, due to vulnerabilities in the MOVEit '
'Transfer application used by a third-party vendor. One Maine '
'resident was identified as potentially affected, with a total '
'of 4,112 individuals impacted, exposing names, account '
'numbers, Social Security numbers, and online banking '
'usernames. The breach was reported on September 7, 2023, and '
'Northfield Bank is offering two years of credit monitoring '
'services to those affected.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'exposure of sensitive customer data',
'data_compromised': ['names',
'account numbers',
'Social Security numbers',
'online banking usernames'],
'identity_theft_risk': 'High (due to exposure of SSNs and account '
'details)',
'payment_information_risk': 'Moderate (account numbers exposed)',
'systems_affected': ['MOVEit Transfer application (via third-party '
'vendor)']},
'initial_access_broker': {'entry_point': 'Third-party vendor using vulnerable '
'MOVEit Transfer application',
'high_value_targets': ['Customer PII and financial '
'data']},
'investigation_status': 'Disclosed; credit monitoring offered to victims',
'post_incident_analysis': {'root_causes': ['Vulnerabilities in MOVEit '
'Transfer application exploited by '
'threat actors']},
'references': [{'source': 'Maine Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': ['Maine Office of the '
'Attorney General']},
'response': {'communication_strategy': ['Public disclosure via Maine Attorney '
'General',
'Customer notifications (implied by '
'credit monitoring offer)'],
'incident_response_plan_activated': 'Likely (credit monitoring '
'offered)',
'remediation_measures': ['Offering 2 years of credit monitoring '
'services to affected individuals']},
'title': 'Northfield Bank Data Breach via MOVEit Transfer Vulnerability',
'type': 'Data Breach',
'vulnerability_exploited': 'MOVEit Transfer application vulnerabilities'}