A security breach reportedly affecting tens of millions of consumers worldwide and at least 1,000 organizations also has hit M&T Bank, one of Connecticut largest lenders.
In a recent letter to customers, M&T disclosed that the bank’s internal systems were not affected by the software breach, but customer information was exposed at an outside service provider hired by M&T.
The information included names, addresses and account numbers for checking, savings and money market accounts, according to M&T’s customer letter.
“While this data was exposed, rest assured no PINs, passwords or other sensitive data such as social security numbers, date of birth or debt/credit numbers was accessed,” the letter stated. “While we do not believe that this presents elevated risk to you, we are required by law to provide you with this notice.”
In a statement Tuesday, an M&T spokesperson said once the breach was discovered, the required “security patches” were placed in M&T’s computer systems and an investigation was launched to determine which customers were affected. Those customers are now being notified, the bank said.
“M&T’s internal systems were not compromised, and they continue to remain secure,” the spokesperson said.
M&T declined Tuesday to disclose how many Connecticut customers were affected by the security breach. M&T acquired Bridgeport-based People’s United in spring 2022 for $8.3 billion.
The office of Attorney General William Tong issued a statement Tuesday that said, “Our office is aware of the breach and right now we are closely monitoring the situation.”
The breach involved the file transfer tool MOVEit that is owned by Progress Software. MOVEit is used to transfer sensitive information over the internet, according to TechCrunch, global online newspaper focusing on high tech and startup companies.
TechCrunch reported that the “notorious Clop ransomware and extortion gang” raided MOVEit servers and stole customer data, beginning in May.
“Since then, Clop’s attacks and threats to publish the stolen data if it doesn’t receive payments have continued unabated, as have the number of known victim organizations, known impacted individuals and the costs associated with the fallout,” TeleCrunch reported.
The breach has affected a broad swath of organizations including banks, hotels, health care providers and colleges, including Johns Hopkins University. The breach also is spawning class-action lawsuits, including against M&T, for failure to adequately protect personal information.
In its letter, M&T told its customers that it is continuing to monitor for potential fraudulent activity. M&T also advised customers to keep an eye on accounts through online and mobile banking. Customers also have the option of signing up for alerts if a withdrawal or debit over a certain amount or if balances fall below a certain threshold.
M&T also is offering to pay for a year of credit monitoring through Experian, the credit reporting agency.
Kenneth R. Gosselin can be reached at kgosselin@courant.com.
——————————————————–
Click Here For The Original Story From This Source.
