Thousands of Massachusetts customers utilizing the services of the Bank of Canton have been notified about a potential data breach, resulting in the exposure of sensitive personal information.
According to a spokesperson for the bank, approximately 9,540 customers who maintain accounts with the Bank of Canton are believed to have had their personal banking information exposed due to a cybersecurity incident involving Fiserv, one of the bank’s third-party vendors. This breach occurred around or on May 27, 2023.
Bank of Canton clients were promptly notified once the necessary information was received from Fiserv, emphasizing the bank’s commitment to transparency in handling the situation.
While the bank asserts no evidence of customers falling victim to fraud, it has taken proactive steps to provide reassurance. The affected customers have been offered to enroll in a complimentary two-year identity protection service. This service encompasses credit monitoring, fraud consultation, and identity theft restoration. Furthermore, clients can choose to receive security alerts warning them about potential fraudulent charges on their accounts.
It’s worth noting that the compromised data was stored in an unstructured, technical format. Nevertheless, a Bank of Canton spokesperson explained that the data could reveal customer names and other personal information “if successfully parsed and digested.”
A letter sent to Bank of Canton customers elaborated that the cybersecurity incident was traced back to an issue with Fiserv’s MOVEit Managed File Transfer application. Numerous companies across the nation utilize this software, and it has become a target for hackers following the discovery of a vulnerability in its protection. Fiserv officially informed the Bank of Canton about this vulnerability on August 3. Subsequently, after a detailed review, the bank notified its customers about the incident on September 22.
“[Fiserv] has also informed us that it has patched the technical vulnerabilities related to the MOVEit software and remediated this event following the MOVEit software provider’s guidelines. We will continue our customary monitoring for unusual activity through the various automated fraud detection and analytical tools already in place,” the Bank of Canton stated in the letter.
In addition to Massachusetts customers, 530 residents living outside the state have also been notified about the incident, underlining the broader impact of this breach. For clients who wish to avail themselves of the free identity protection service, it is imperative to do so within the next 90 days. Bank of Canton officials have made themselves available to address any concerns or queries and can be reached at 866-846-0597 during regular business hours.