Share this article on:
As the list of organisations affected by the MOVEit hack tops 200, one of America’s top-rated banks has put its hand up as a victim.
First Merchants Bank made the admission late last week, making careful note that while its data had been affected by the exploited third-party vulnerability, the bank’s own network and systems were unaffected.
First Merchants believes that the affected data could include names and addresses of its customers, as well as emails, Social Security numbers, usernames, account information, and other personal identifying information. Both individual and business accounts have been impacted.
Online and mobile banking passwords, however, have not been compromised.
“We are continuing to work with the vendor involved in this incident to investigate this issue and, as part of our ongoing commitment to information security, we are reviewing existing policies and procedures regarding vendor services and working to evaluate additional measures and safeguards in response to this incident,” the bank said in a statement.
The bank is in the process of notifying affected customers and has advised those affected to monitor their accounts for fraud and has offered a fraud alert service for one year. In addition, customers can also put a credit freeze on their accounts.
First Merchants Bank has not disclosed how many customers were affected.
As the list of impacted MOVEit customers grows, the app’s developer, Progress Software, is continuing to patch the application. On 7 July, the US Cybersecurity and Infrastructure Security Agency announced Progress had released a new service pack that addresses three entirely new vulnerabilities that could be exploited by malicious actors.
Two of the vulnerabilities could allow a threat actor to engage in an SQL injection attack, resulting in either the exposure of transferred data or even its modification. The third vulnerability could allow an attacker to shut down the application completely.
The new service pack is part of a move by Progress to offer more regular updates.
“These service packs will provide a predictable, simple, and transparent process for product and security fixes,” Progress said on a community page. “We have heard from you that a regular cadence and predictable timeline will enable you to better plan your resources and make it easier to adopt new product updates and fixes.”
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.