CHADDS FORD, Penn.– Franklin Mint FCU has confirmed the MOVEit data breach could affect its 140,000 members.
According to the law firm JDSupra, FMFCU filed a notice of data breach with the Attorney General of Maine after discovering that MOVEit, a file transfer application used by FMFCU, contained a critical vulnerability allowing hackers to access confidential information belonging to FMFCU members.
The breach is believed to have involved more than a dozen financial institutions.
In its notice, FMFCU stated the incident resulted in an unauthorized party being able to access members’ sensitive information, which includes their names, Social Security numbers, and financial account numbers, according to JDSupra.com.
Notifications Sent
Upon completing its investigation, FMFCU began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident, the report added.
“The Franklin Mint Credit Union data breach was only recently announced, and more information is expected in the near future. However, FMFCU’s filing with the Attorney General of Maine provides some important information on what led up to the breach,” JDSupra.com stated. “According to this source, FMFCU uses a file transfer program called MOVEit, which was created by Progress Software. On June 1, 2023, FMFCU became aware of an alert issued by the Cybersecurity and Infrastructure Security Agency addressing a vulnerability within MOVEit.
Patches Installed
“After learning about the MOVEit vulnerability, FMFCU installed all available patches to eliminate the vulnerability and then launched an investigation to determine what, if any, customer data was leaked as a result,” the report continued. “On June 19, 2023, the FMFCU investigation confirmed that the MOVEit vulnerability allowed an unauthorized party to access documents stored on FMFCU’s MOVEit server. This included files that stored confidential customer information.”
On July 20, 2023, Franklin Mint FCU sent out data breach letters to anyone who was affected by the recent data security incident, the report said.