Hatch Bank becomes second data breach victim after GoAnywhere hack


The fintech banking platform has revealed a data breach caused by the attack on the Fortra GoAnywhere MFT file-sharing platform when the data of almost 140,000 customers was stolen.

Hatch Bank reviewed the stolen data and discovered that customer names and social security numbers had been stolen. The GoAnywhere MFT attacks have resulted in two confirmed data breaches so far, with the previous one being reported by Community Health Systems (CHS) just last month.

Notifications were sent to affected customers and filed with the Attorney General. The bank has offered victims free access to credit monitoring services for 12 months in compensation for the incident.

ADVERTISEMENT

Data stolen from over 130 targets

The Cl0p ransomware gang, responsible for the GoAnywhere breaches, told the BleepingComputer that they already had stolen data from over 130 organizations. The BleepingComputer could not independently confirm Cl0p's claims. The gang utilized the zero-day vulnerability in Fortra's GoAnywhere MFT file-sharing platform to steal the data of 139,493 customers.

In cybersecurity, the term "zero-day" refers to a situation where security teams have no prior knowledge of a software vulnerability, leaving them with "zero" days to develop a security patch or an update to rectify the problem.

The vulnerability is now tracked as CVE-2023-0669, a remote-code execution vulnerability allowing threat actors to access servers from afar without the owner's consent.

While Hatch Bank did not disclose what threat actor conducted the attack, Joe Slowik, threat intelligence manager at Huntress, found links between the GoAnywhere MFT attack and TA505, the hacking group known for deploying Cl0p ransomware.

Cl0p ransomware causing damage

In December 2020, Cl0p used the same tactics by exploiting a zero-day vulnerability in Accellion's file transfer appliance (FTA) system to pilfer data from global companies.

The Accellion FTA attacks caused widespread damage, with numerous organizations disclosing related breaches, including major financier Morgan Stanley, tech firm Qualys, energy giant Shell, and supermarket giant Kroger.

ADVERTISEMENT

Multiple universities worldwide were also affected, including Stanford Medicine, the University of Colorado, the University of Miami, and the University of California.

It is unknown if Cl0p is demanding similar ransoms from victims of the GoAnywhere MFT attacks. However, if the gang follows similar tactics, stolen data may appear on their data leak site in the future.