On July 10, 2023, Rockland Trust Company reported a data breach involving its vendor’s use of MOVEit file transfer software. The breach, disclosed in a notice to the Attorney General of Maine, revealed that unauthorized parties accessed sensitive customer data. This data included names, addresses, account numbers, email addresses, bill payment amounts, and payee details. Rockland Trust initiated a notification process to inform affected individuals about the breach.
The breach was linked to a vulnerability in MOVEit, discovered by its creator, Progress Software, on May 31, 2023. The third-party vendor, which processes online banking transactions for Rockland Trust, informed the bank of the breach on June 13, 2023. The period of unauthorized access was between May 27 and May 31, 2023. Rockland Trust and its vendor conducted investigations to assess the extent of the breach.
Following the breach discovery, Rockland Trust reviewed the compromised files to identify the affected data and individuals. The impacted information varied by individual but included personal and financial details such as names, addresses, and account numbers. Rockland Trust began sending out data breach notification letters to those affected by the incident.
Rockland Trust Company, founded in 1907 and based in Rockland, Massachusetts, provides banking, investment, and insurance services. The company operates over 85 branches in Massachusetts and Rhode Island, employing more than 1,691 people and generating around $531 million in annual revenue. The breach highlights vulnerabilities associated with third-party vendor software and the importance of securing sensitive information.
Reference: