Fidelity National Information Services had a data breach in May that affected about 873,000 bank customers, according to a data breach notification filed by Fidelity & Guaranty Life Insurance Co. (F&G) with the Maine Attorney General’s office on Aug. 11.
The data included names and Social Security numbers, according to the F&G filing, and affected customers of Umpqua Bank, Valley Bank, and Sound Community Bank.
“The affected personal information may have included your name, address, Social Security number, and your Valley loan number for one or more loans you currently have, or previously had, with Valley,” a letter Valley Bank sent out to customers read. “No deposit account or online banking information was included in the affected records.
According to the Maine AG filing, the breach was caused by a third-party security incident due to a vulnerability with MOVEit Transfer software, a file transfer program.
“On or around May 31, 2023, Progress Software, the provider of MOVEit Transfer software, disclosed a vulnerability in their software that had been exploited by an unauthorized third party,” Pension Benefit Information, LLC (PBI) wrote to their affected bank customers. “PBI promptly launched an investigation into the nature and scope of the MOVEit vulnerability’s impact on our systems. Through the investigation, we learned that the third party accessed one of our MOVEit Transfer servers on May 29, 2023, and May 30, 2023, and downloaded data.”
After the breach was detected, F&G suspended use of MOVEit Transfer and patched servers.
The breach was discovered June 20 and consumers were notified July 28.