CANTON, Mass. — Thousands of Massachusetts customers who use the Bank of Canton may have had personal information, such as account numbers and social security numbers, exposed following a data breach, a bank spokesperson confirmed to Boston 25.
Approximately 9,540 people who use the Bank of Canton may have had their banking information exposed after Fiserv, one of the bank’s vendors, was impacted by a cyber security incident around or on May 27, 2023.
A bank spokesperson says clients were notified after the bank received the necessary information from Fiserv.
Although the bank says there is no evidence any of its customers have experienced fraud at this time, clients can enroll in a free two-year identity protection service including credit monitoring, fraud consolation and identity theft restoration. Customers can also opt-in for security alerts warning them of potential fraudulent charges to their accounts.
The client’s data was stored in an unstructured, technical format but could reveal customer’s names and other personal info “if successfully parsed and digested”, a Bank of Canton spokesperson details.
In a letter to customers, the Bank of Canton detailed that the cybersecurity incident stemmed from an issue with Fiserv’s MOVEit Managed File Transfer application, a software used by companies nationwide that has been the target of hackers following the reveal of a vulnerability in the program’s protection. Fiserv informed the Bank of Canton that its customers’ data may have been obtained as a result of the vulnerability on August 3. The bank then notified customers about the incident on September 22nd after a detailed review, a bank spokesperson says.
“[Fiserv] has also informed us that it has patched the technical vulnerabilities related to the MOVEit software and remediated this event in accordance with the MOVEit software provider’s guidelines. We will continue our customary monitoring for unusual activity through the various automated fraud detection and analytical tools already in place,” the Bank of Canton wrote the letter.
530 residents who live outside the Bay State were also notified of the incident.
Bank clients wishing to sign up for the free identity protection service must do so within 90 days.
Concerned customers can contact bank officials at 866-846-0597 during normal business hours.
This is a developing story. Check back for updates as more information becomes available.
Download the FREE Boston 25 News app for breaking news alerts.
©2023 Cox Media Group