Cadence Bank Confirms MOVEit Data Breach Compromised Customer Information

Console and Associates, P.C.

On September 15, 2023, Cadence Bank (“Cadence”) filed a notice of data breach with the Attorney General of Montana after discovering that MOVEit, a file transfer application used by Cadence, contained a critical vulnerability. In this notice, Cadence explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, addresses, dates of birth, Social Security numbers, driver’s license numbers, and financial account information. Upon completing its investigation, Cadence began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.

If you received a data breach notification discussing a MOVEit data breach at Cadence Bank, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the MOVEit / Cadence Bank data breach. For more information, please see our recent piece on the topic here.

What Caused the Data Breach Affecting Cadence Bank Customers?

The Cadence Bank data breach was only recently announced, and more information is expected in the near future. However, Cadence’s filing with the Attorney General of Montana provides some important information on what led up to the breach. According to this source, on June 1, 2023, Cadence learned about a previously unknown vulnerability within MOVEit, a popular file-transfer application used by Cadence. Evidently, Progress Software, the creator of MOVEit, announced the presence of the vulnerability on or around May 31, 2023.

In response, Cadence installed all patches released by Progress Software to remediate the incident. Additionally, Cadence reported the incident to law enforcement and then launched an investigation with the assistance of third-party data security specialists.

On June 18, 2023, the Cadence investigation confirmed that an unauthorized party was able to access confidential information stored within the MOVEit environment.

After learning that sensitive consumer data was accessible to an unauthorized party, Cadence Bank reviewed the compromised files to determine what information was leaked and which consumers were impacted. Cadence completed this process on August 16, 2023. While the breached information varies depending on the individual, it may include your name, address, date of birth, Social Security number, driver’s license number, and financial account information.

On September 15, 2023, Cadence Bank sent out data breach letters to anyone who was affected by the recent data security incident. These letters should provide victims with a list of what information belonging to them was compromised.

Note that while this incident affected information provided to Cadence Bank, it was not due to a breach of any of Cadence Bank’s computer systems. All compromised information was accessed through the company’s instance of MOVEit.

More Information About Cadence Bank

With roots dating back to 1876, Cadence Bank is a regional banking franchise based in Tupelo, Mississippi. Cadence Bank offers its customers the traditional products found at most financial institutions, including checking and savings accounts, credit cards and loans, mortgages, wealth management services, business banking services and insurance products. Cadence Bank operates over 350 branches throughout the southern United States. Cadence Bank employs more than 6,479 people and generates approximately $1.8 billion in annual revenue.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Console and Associates, P.C. | Attorney Advertising

Written by:

Console and Associates, P.C.

Console and Associates, P.C. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide