Hatch Bank gets impacted following the GoAnywhere MFT breach

March 9, 2023
Hatch Bank Fintech Digital Banking GoAnywhere MFT Data Breach Ransomware

The recent cyberattack against Fortra’s GoAnywhere MFT secure file-sharing platform has affected other firms utilising the service, including the fintech banking platform ‘Hatch Bank.’ After being notified of the GoAnywhere MFT hack, Hatch Bank found that unauthorised actors had accessed its files stored on the file-sharing platform.

Hatch Bank provides banking services to its customers, including savings, commercial lending, checking accounts, mortgages, certificates of deposit, money market, treasury management, and other digital banking features. Most of the company’s customers are located in the US.

As reported by Fortra, the cybersecurity incident on their platform affected exactly 139,493 customers that had their data stolen by unknown hackers. This data breach originated from hackers exploiting a security flaw in the GoAnywhere MFT software.

 

Numerous customer data were stolen from Hatch Bank.

 

Some critical data stolen from the fintech banking platform are customers’ full names and social security numbers. The company’s report did not disclose which threat group had performed the attack, but security researchers attributed it to the notorious Cl0p ransomware gang.

According to the ransomware group’s claims, they collected data from the file-sharing platform by abusing a remote code execution zero-day flaw, now tracked as CVE-2023-0669. Cl0p said they stayed in the platform’s systems for about ten days, allowing them to steal massive data remotely.

In February, Community Health Systems (CHS), a healthcare provider firm, also disclosed being affected by the GoAnywhere MFT hack. The incident on Hatch Bank becomes the second confirmed issue stemming from hackers abusing the flaw in GoAnywhere MFT’s systems.

Nonetheless, the ransomware group’s claims of being the perpetrator of the GoAnywhere MFT have yet to be confirmed.

As a part of incident response measures, the fintech banking platform will provide its affected customers free access to credit monitoring services for a year. These services will help customers monitor suspicious activities from threat actors that could leverage their stolen data for further cyberattacks.

About the author

Leave a Reply