Hatch Bank has become the latest company to suffer the consequences of a data breach caused by a supply chain attack. The incident was a result of a vulnerability found in the GoAnywhere Managed File Transfer (MFT) system, developed by Fortra and used by Hatch Bank to securely share sensitive files. This is the second time this year that such an attack has occurred, highlighting the growing threat posed by supply chain attacks.
Details of the Attack
On January 29, 2023, Fortra discovered a vulnerability in their software that was exploited by threat actors to gain unauthorized access to Hatch Bank’s files stored on Fortra’s GoAnywhere site. Hatch Bank was notified of the incident by Fortra on February 3, 2023, and discovered that sensitive data on almost 140,000 customers had been stolen.
The stolen information includes customer names and Social Security Numbers, posing a severe threat to the affected customers’ privacy.
Hatch Bank has since filed a report with the Attorney General’s office, notifying affected customers of the breach and offering them free access to credit monitoring services for 12 months. The move aims to mitigate the damage caused by the breach and prevent further exploitation of the stolen data.
The attackers’ identity has yet to be confirmed, but according to BleepingComputer, the Clop ransomware gang was responsible for the attack. The group confirmed the attack, citing a zero-day vulnerability in the GoAnywhere MFT system as the entry point. The zero-day vulnerability in question is CVE-2023-0669, a remote code execution flaw that Fortra patched in early February this year.
Huntress Threat Intelligence Manager Joe Slowik, meanwhile, has found evidence linking the GoAnywhere MFT system to the hacking group known as TA505, which is notorious for deploying Clop ransomware. The Clop ransomware group was also responsible for the attack on Community Health Systems, claiming the zero-day in the GoAnywhere MFT system allowed them to breach as many as 130 companies.
The Hatch Bank data breach highlights the significant impact of supply chain attacks and the importance of staying vigilant in protecting sensitive information. Businesses must stay up to date with the latest cybersecurity threats and take appropriate measures to ensure their systems are secure, including regular vulnerability assessments and timely software updates. In this era of advanced cybersecurity threats, organizations can’t afford to take any chances with their data security.
Dimitris is an Information Technology and Cybersecurity professional with more than 20 years of experience in designing, building and maintaining efficient and secure IT infrastructures.
Among others, he holds the CISSP, CISA, CISM, ITIL, COBIT and PRINCE2 certifications, but his wide range of knowledge and technical management capabilities goes beyond these certifications. He likes acquiring new skills in penetration testing, cloud technologies, virtualization, network security, IoT and many more.