Some M&T Bank customers’ information may have been stolen in what was a massive cyber-attack, impacting many other companies too.
In a statement, the bank says it wasn’t their internal system that was involved, but rather a third-party company that it uses for file transfer software.
“M&T was informed about a recent global cybersecurity incident involving MOVEit, a file transfer software owned by Progress Software and used by government agencies, major financial firms, and thousands of other organizations, which resulted in the potential exposure of customer information for any organizations using the software,” an M&T spokesperson said in a statement.
NBC News reports that a Russian-speaking cybercrime group, CL0P, appears to have identified a flaw in MOVEit, impacting many big companies or entities that use their software like the BBC, Shell, Johns Hopkins Health Systems, British Airways, the State of Illinois, and the departments of motor vehicles of Oregon and Louisiana, too.
M&T Bank says an investigation determined “that limited customer information held by certain third-party service providers was compromised,” including names, addresses, and M&T account numbers. “No PINs or passwords were exposed. This information did not include sensitive data such as social security numbers, date of birth, or debit/credit card numbers.”
A spokesperson says the bank reaching out directly to customers impacted and providing free credit monitoring.
Once it learned of the cybersecurity breach, it immediately installed security patches.