Kearny Bank, a New Jersey-based financial institution, has admitted to a data breach that exposed its clients’ sensitive financial information, including credit card numbers. The breach was traced back to a zero-day vulnerability exploit targeting MOVEit Transfer, a file transfer tool used by the bank’s third-party vendor, Fiserv. The attack allowed threat actors to access and obtain certain files, including those maintained for Kearny Bank.
Furthermore, the breach has impacted more than 17,500 clients, and as a response, the bank is offering affected individuals free credit monitoring, fraud consultation, and identity restoration services for a duration of 24 months.
A zero-day exploit, in this case, refers to a cyberattack that capitalizes on a software vulnerability that is unknown to the software’s creators or antivirus vendors. The attackers identified and exploited this vulnerability in the MOVEit Transfer tool to access sensitive client data, including names, addresses, and financial data, such as account numbers and credit/debit card information. Kearny Bank emphasized that its in-house applications and systems remained secure during the breach, shifting the focus to securing the impacted clients’ data and providing them with support and protection against potential fraud or identity theft.