Thousands of Bank of Canton customers in Massachusetts, totaling around 9,540 individuals, have potentially had their personal information, including account numbers and social security numbers, exposed following a data breach linked to a cybersecurity incident involving the bank’s vendor, Fiserv, on or around May 27, 2023.
Although the bank has not reported any customer fraud resulting from the breach, it has offered affected clients free two-year identity protection services, including credit monitoring, fraud consultation, and identity theft restoration. The breach was traced back to vulnerabilities in Fiserv’s MOVEit Managed File Transfer application, which has been a target for hackers following the disclosure of program protection weaknesses. The bank began notifying customers of the incident on September 22, 2023, after a thorough review following Fiserv’s alert on August 3, which included information on data potentially obtained due to the software vulnerability.
The customer data, although stored in an unstructured technical format, could reveal names and other personal information if parsed and utilized successfully, according to a Bank of Canton spokesperson. In response to the incident, the bank is implementing enhanced monitoring for unusual activities using automated fraud detection and analytical tools to safeguard customer information.
A total of 530 residents living outside of Massachusetts were also informed of the breach. To avail of the free identity protection service, bank clients must enroll within 90 days. Concerned customers have been provided with contact information to reach bank officials during regular business hours.
This data breach highlights the ongoing threats to personal information security and underscores the importance of robust cybersecurity measures for organizations and individuals alike.
References:
