Hatch Bank became the second company to be affected by the data breach that occurred at GoAnywhere MFT, once again demonstrating how dangerous supply chain attacks can be.
The financial technology firm has filed a report with the Attorney General’s Office. The report said attackers used a flaw in her GoAnywhere MFT to steal sensitive data.
(opens in new tab) to approximately 140,000 customers.
“On January 29, 2023, Fortra experienced a cyber incident after learning of a vulnerability in their software,” Hatch Bank told affected customers. “On February 3, 2023, Hatch Bank was notified of this incident by Fortra and learned that Fortra’s files contained on his GoAnywhere site had been compromised.”
steal social security numbers
GoAnywhere MFT is a popular file sharing service developed by Fortra and used by large enterprises to securely share sensitive files.
According to Hatch, the attackers were able to obtain customer names and social security numbers. To fix the problem, the company is offering the affected customer free access to her credit monitoring service for 12 months.
Hatch did not name the group behind the attack, but according to BleepingComputer, it was the Clop ransomware gang. The group confirmed the attack as he took advantage of a zero-day vulnerability in GoAnywhere MFT, Fortra’s secure file sharing platform, to steal data for nearly two weeks. The zero-day it refers to is CVE-2023-0669, a remote code execution flaw that was patched in early February of this year.
BleepingComputer was unable to verify Clop’s claims, but Huntress Threat Intelligence Manager Joe Slowik appears to have found evidence linking GoAnywhere MFT to hacking group TA505, known for deploying Clop ransomware.
Clop also claimed responsibility for the attacks against the first major victim, Community Health Systems, saying GoAnywhere MFT’s zero-day enabled it to compromise 130 companies.
(opens in new tab)