Vendor MOVEit Event
On October 19, 2023, Wayne Bank was notified by a third-party Information Technology (IT) service provider of a data security incident that involved unauthorized access to a number of its financial institution clients’ customer data, including Wayne Bank customer information, in one of their file transfer applications, MOVEit. Please note, the vulnerability discovered in MOVEit did not involve any of Wayne Bank’s internal systems and did not impact our ability to service our customer.
The incident involved vulnerabilities discovered in MOVEit Transfer, a file transfer software used by our vendor to support services it provides to Wayne Bank and its related institutions. MOVEit is a commonly used secure Managed File Transfer (MFT) software, which supports file transfer activities used by thousands of organizations around the world, including government agencies and major financial firms.
Our service provider launched an investigation into the nature and scope of the MOVEit vulnerability’s impact on its systems and discovered that the unauthorized activity in the MOVEit Transfer environment occurred between May 27 and 31, 2023, which was before the existence of this vulnerability was publicly disclosed. During that time, unauthorized actors obtained our vendor files transferred by MOVEit. These files included Wayne Bank and related institution customer information.
Wayne Bank takes the protection of our customers’ personal information very seriously and, upon learning of this incident, immediately launched a comprehensive investigation. Our service provider advises us that they have remediated the technical vulnerabilities and patched the systems in accordance with the MOVEit software provider’s guidelines. To help prevent something like this from happening again, our service provider also mobilized a technical response team to examine the relevant MOVEit Transfer systems and ensure that there were no further vulnerabilities.
We have begun notifying impacted customers. For these customers we have arranged complimentary free identity monitoring service through Kroll for two years. Kroll is a global leader in risk mitigation and response, and their team has extensive experience helping people who have sustained an unintentional exposure of confidential data. Identity monitoring services include Credit Monitoring, Fraud Consultation, and Identity Theft Restoration.
For more information on identity theft protection, including instructions on how to activate your free identity monitoring, as well as some additional steps you can take for your protection, please review the documents enclosed with this letter.
Please be assured that we are taking steps to address this incident and help protect the security of impacted customers. A special customer call center has been set up to answer any questions about the incident. Please feel free to contact the center at 866-799-0690, Monday-Friday, 9:00 a.m. to 5:00 p.m. Eastern Time, during standard business days.
Sincerely,
John Carmody
Executive Vice President and
Chief Credit Officer
Wayne Bank
For more information on identity theft, you may visit the following websites:
Federal Trade Commission
Pennsylvania Attorney General
New York State Attorney General
New York Department of State Division of Consumer Protection
Florida Attorney General
New Jersey Attorney General