Financial Institution Service Corp. Notifies Over 750k Consumers of Massive Data Breach Related to MOVEit Vulnerability

Console and Associates, P.C.

On September 22, 2023, Financial Institution Service Corp. (“FISC”) filed a notice of data breach with the Attorney General of Maine after discovering that a vulnerability in the file-transfer application MOVEit allowed hackers to access the personal information of more than 750,000 people. In this notice, FISC explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, addresses, dates of birth, Social Security numbers, driver’s license numbers, other government-issued identification numbers, financial account information, telephone numbers, and credit and/or debit card numbers. Upon completing its investigation, FISC began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.

If you received a data breach notification from Financial Institution Service Corp., it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the Financial Institution Service Corporation data breach. For more information, please see our recent piece on the topic here.

What Caused the Financial Institution Service Corporation Breach?

The Financial Institution Service Corporation data breach was only recently announced, and more information is expected in the near future. However, FISC’s filing with the Attorney General of Maine provides some important information on what led up to the breach. According to this source, FISC provides data processing and services to financial institutions. In the normal course of business, FISC relies on a file-transfer application called MOVEit, which is a product of Progress Software.

On May 31, 2023, Progress made public announcements about a vulnerability within MOVEit.

Once FISC learned of the MOVEit vulnerability, the company installed all available patches and took all steps to mitigate any threat of unauthorized access. FISC also launched an investigation to determine the impact of the MOVEit vulnerability on the information stored within FISC’s MOVEit environment.

The FISC investigation confirmed that hackers exploited the MOVEit vulnerability between May 30, 2023 and May 31, 2023, removing certain data from FISC’s MOVEit server. It was later determined that some of the data consisted of confidential consumer information provided to FISC by some of the financial institutions that rely on FISC’s services.

After learning that sensitive consumer data was accessible to an unauthorized party, Financial Institution Service Corporation reviewed the compromised files to determine what information was leaked and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, address, date of birth, Social Security number, driver’s license number, other government-issued identification numbers, financial account information, telephone number, and credit and/or debit card number.

FISC notes that the incident affected the following financial institutions:

  • Hodge Bank & Trust Co.,
  • American Bank, Inc.,
  • First National Bank in DeRidder,
  • Lakeside Bank,
  • Jackson Parish Bank,
  • Heritage Bank of St Tammany,
  • Concordia Bank & Trust Company,
  • First Liberty Bank,
  • Farmers State Bank & Trust Company,
  • The Cottonport Bank,
  • Citizens Bank & Trust Co.,
  • RiverHills Bank,
  • Gibsland Bank & Trust,
  • Sabine State Bank,
  • Anthem Bank & Trust,
  • Delta Bank,
  • Louisiana National Bank,
  • Vermilion Bank,
  • Security State Bank of Oklahoma,
  • Winnsboro State Bank & Trust Company,
  • Bank of Moundville,
  • Merchants & Planters Bank,
  • American Bank & Trust Company,
  • Bank of Oak Ridge,
  • Resource Bank,
  • Bank of Winnfield and Trust Company,
  • Homeland Bank,
  • Crescent Bank,
  • Marion State Bank,
  • Plaquemine Bank and Trust Co.,
  • Peoples Bank,
  • City Bank and Trust Company,
  • Washington State Bank,
  • Metairie Bank,
  • Jonesboro State Bank,
  • Caldwell Bank and Trust, and
  • Citizens Progressive Bank.

On September 22, 2023, Financial Institution Service Corporation sent out data breach letters to anyone who was affected by the recent data security incident. These letters should provide victims with a list of what information belonging to them was compromised.

More Information About Financial Institution Service

Founded in 1969 as First National Computer Center, a subsidiary of First National Bank, Financial Institution Service is an information services company based in West Monroe, Louisiana. FISC operates as a cooperative that services approximately 60 banks. FISC serves financial institutions in Alabama, Louisiana, Mississippi, Oklahoma, and Texas. Financial Institution Service Corporation employs more than 82 people and generates approximately $20 million in annual revenue.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Console and Associates, P.C. | Attorney Advertising
