>
Hatch Bank has become the second company to suffer the fallout from the GoAnywhere MFT data breach, further demonstrating just how dangerous supply chain attacks can be.
The financial technology company filed a report with the Attorney General’s office saying threat actors exploited a flaw in GoAnywhere MFT to steal sensitive data (opens in new tab) on nearly 140,000 customers.
“On January 29, 2023, Fortra experienced a cyber incident when they learned of a vulnerability in their software,” Hatch Bank told affected customers. “On February 3, 2023, Hatch Bank was notified by Fortra of the incident and learned that the files on Fortra’s GoAnywhere site were subject to unauthorized access.”
Steal social security numbers
GoAnywhere MFT is a popular file sharing service developed by Fortra and used by large companies to securely share sensitive files.
According to Hatch, the attackers managed to obtain customer names and social security numbers. To resolve the issue, the company is providing affected customers with free access to credit monitoring services for 12 months.
Hatch did not say the name of the group behind the attack, but according to BleepingComputer it was the Clop ransomware gang. The group confirmed the attack on the publication, saying it used a zero-day vulnerability in Fortra’s GoAnywhere MFT-secure file-sharing platform to steal data for nearly two weeks. The zero-day it mentions is CVE-2023-0669, a remote code execution flaw that was patched in early February of this year.
While BleepingComputer was unable to verify Clop’s claims, Huntress Threat Intelligence Manager Joe Slowik apparently found evidence linking GoAnywhere MFT and TA505, the hacking group known for deploying Clop ransomware.
Clop was also the one who claimed responsibility for the attack on the first major victim, Community Health Systems, saying that the zero-day in GoAnywhere MFT enabled as many as 130 companies to breach.
Through: Beeping computer (opens in new tab)