On September 15, 2023, Cadence Bank (“Cadence”) filed a notice of data breach with the Attorney General of Montana after discovering that MOVEit, a file transfer application used by Cadence, contained a critical vulnerability. In this notice, Cadence explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, addresses, dates of birth, Social Security numbers, driver’s license numbers, and financial account information. Upon completing its investigation, Cadence began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.

If you received a data breach notification discussing a MOVEit data breach at Cadence Bank, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the MOVEit / Cadence Bank data breach. For more information, please see our recent piece on the topic here.

What Caused the Data Breach Affecting Cadence Bank Customers?

The Cadence Bank data breach was only recently announced, and more information is expected in the near future. However, Cadence’s filing with the Attorney General of Montana provides some important information on what led up to the breach. According to this source, on June 1, 2023, Cadence learned about a previously unknown vulnerability within MOVEit, a popular file-transfer application used by Cadence. Evidently, Progress Software, the creator of MOVEit, announced the presence of the vulnerability on or around May 31, 2023.

In response, Cadence installed all patches released by Progress Software to remediate the incident. Additionally, Cadence reported the incident to law enforcement and then launched an investigation with the assistance of third-party data security specialists.

On June 18, 2023, the Cadence investigation confirmed that an unauthorized party was able to access confidential information stored within the MOVEit environment.

After learning that sensitive consumer data was accessible to an unauthorized party, Cadence Bank reviewed the compromised files to determine what information was leaked and which consumers were impacted. Cadence completed this process on August 16, 2023. While the breached information varies depending on the individual, it may include your name, address, date of birth, Social Security number, driver’s license number, and financial account information.

On September 15, 2023, Cadence Bank sent out data breach letters to anyone who was affected by the recent data security incident. These letters should provide victims with a list of what information belonging to them was compromised.

Note that while this incident affected information provided to Cadence Bank, it was not due to a breach of any of Cadence Bank’s computer systems. All compromised information was accessed through the company’s instance of MOVEit.

More Information About Cadence Bank

With roots dating back to 1876, Cadence Bank is a regional banking franchise based in Tupelo, Mississippi. Cadence Bank offers its customers the traditional products found at most financial institutions, including checking and savings accounts, credit cards and loans, mortgages, wealth management services, business banking services and insurance products. Cadence Bank operates over 350 branches throughout the southern United States. Cadence Bank employs more than 6,479 people and generates approximately $1.8 billion in annual revenue.