On September 22, 2023, Johnson Financial Group filed a notice of a data breach with the Attorney General of Maine after learning that a vendor used by the company experienced a MOVEit data breach. In this notice, JFG explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, email addresses, addresses, phone numbers, account numbers, Social Security numbers, dates of birth, driver’s license numbers, credit card numbers, and debit card numbers. Upon completing its investigation, JFG began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.

If you received a data breach notification from Johnson Financial Group, it is essential you understand what is at risk and what you can do about it. While this incident didn’t involve JFG’s computer system, it still affected JFG customers. This is because hackers were able to access the MOVEit environment of one of JFG’s vendors where confidential JFG customer information was stored. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the Johnson Financial Group vendor data breach. For more information, please see our recent piece on the topic here.

What Caused the Johnson Financial Group Vendor Data Breach?

The Johnson Financial Group vendor data breach was only recently announced, and more information is expected in the near future. However, JFG’s filing with the Attorney General of Maine provides some important information on what led up to the breach. According to this source, on May 31, 2023, Progress Software, the creator of MOVEit, announced a critical vulnerability within MOVEit.

Subsequently, JFG was notified by one of its vendors that used MOVEit that certain personal information belonging to JFG customers was compromised as a result of the MOVEit vulnerability.

After learning that sensitive consumer data was accessible to an unauthorized party, JFG’s vendor reviewed the compromised files to determine what information was leaked and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, email address, address, phone number, account number, Social Security number, date of birth, driver’s license number, credit card number, and debit card number.

On September 22, 2023, Johnson Financial Group sent out data breach letters to anyone who was affected by the recent data security incident. These letters should provide victims with a list of what information belonging to them was compromised.

Please note that this incident did not involve hackers gaining access to any computer system belonging to Johnson Financial Group. The compromised data was limited to that which was stored on the vendor’s MOVEit server.

More Information About Johnson Financial Group

Founded in 1970, Johnson Financial Group is a financial institution based in Racine, Wisconsin. JFG provides customers with traditional banking services, including checking and savings accounts, personal loans, mortgages, business banking services, business loans, investment services, and wealth management services. JFG operates 33 locations in Illinois and Wisconsin. Johnson Financial Group employs more than 1,200 people and generates approximately $371 million in annual revenue.