M&T Bank, along with several other companies, has fallen victim to a massive cyberattack that has potentially led to the theft of customer information. The bank has clarified that the breach did not occur within its own internal systems, but rather within a third-party company responsible for file transfer software.
Furthermore, this incident was linked to the MOVEit software, owned by Progress Software, which is widely used by government agencies, major financial firms, and numerous other organizations. As a result, customer information across various entities using the software was exposed to potential compromise.
The breach has garnered attention due to its impact on a multitude of prominent organizations, including BBC, Shell, Johns Hopkins Health Systems, British Airways, and government departments like those in Illinois, Oregon, and Louisiana. The Russian-speaking cybercrime group CL0P is suspected to be behind the attack, having exploited a flaw in the MOVEit software.
Despite the breach, M&T Bank emphasizes that customer data exposed was limited to certain third-party service providers, encompassing details such as names, addresses, and M&T account numbers. Sensitive information like social security numbers, birthdates, and debit/credit card numbers remained uncompromised.
M&T Bank is taking active measures to address the breach, reaching out directly to impacted customers and offering complimentary credit monitoring services. Additionally, the bank swiftly responded to the situation by installing necessary security patches to prevent further vulnerabilities.
While the cyberattack has highlighted the vulnerabilities of third-party software systems, the incident underscores the importance of robust cybersecurity measures and prompt mitigation strategies in the face of evolving digital threats.
