Hatch Bank has become the second company to suffer the consequences of a data breach that occurred at GoAnywhere MFT, once again showing how dangerous supply chain attacks can be.
The financial technology firm has filed a report with the Attorney General’s Office stating that cybercriminals used a vulnerability in GoAnywhere MFT to steal sensitive data (opens in a new tab) for almost 140,000 customers.
“On January 29, 2023, Fortra experienced a cyber incident when it became aware of a software vulnerability,” Hatch Bank told affected customers. “February 3, 2023, Fortra notified Hatch Bank of the incident and learned that its files located on Fortra’s GoAnywhere website had been subject to unauthorized access.”
Theft of social security numbers
GoAnywhere MFT is a popular file sharing service developed by Fortra and used by large companies to securely share sensitive files.
According to Hatch, the attackers managed to obtain customer names and social security numbers. To help address this issue, the company is providing free access to credit monitoring services for 12 months for affected customers.
Hatch did not name the group behind the attack, but according to BleepingComputer it was the Clop ransomware gang. The group confirmed the attack on the publication, saying that it used a zero-day vulnerability in Fortra’s GoAnywhere MFT secure file-sharing platform to steal data for almost two weeks. The zero-day in question is CVE-2023-0669, a remote code execution vulnerability that was patched in early February this year.
While BleepingComputer was unable to verify Clop’s claims, Huntress Threat Intelligence manager Joe Slowik apparently found evidence linking GoAnywhere MFT and TA505, a hacking group known for deploying the Clop ransomware.
Clop was also the one to take credit for the attack on the first major victim, Community Health Systems, saying that day zero at GoAnywhere MFT allowed him to hack into as many as 130 companies.
By: Beeping Computer (opens in a new tab)