Piscataqua Savings Bank reports MOVEit related data breach

Piscataqua Savings Bank based in Portsmouth, New Hampshire is reporting a data breach an unspecified number of its deposit account holders. This incident occurred due to a breach experienced by a third-party vendor who was using the vulnerable MOVEit software earlier this year. 

Piscataqua Savings Bank was informed this summer that certain client data were compromised.

The data includes:

• names,
• Social Security numbers,
• birth dates,
• account numbers,

It was found that the breach originated from a compromised file transfer software named the MOVEit Transfer application. The breach at Piscataqua Savings Bank specifically occurred when customer data was accessed from a file designated for the New Hampshire Department of Child Services. This file is a state-mandated monthly submission.  The vendor Piscataqua Savings Bank employed for processing transactions was affected in this breach.

The bank chose not to disclose the number of bank clients affected by this data theft. The bank itself was not directly compromised or specifically targeted. Online banking credentials of customers remained untouched during this attack.

Piscataqua Savings Bank was alerted about the implications of this breach on them on August 3rd, and they communicated the same to their account holders through a letter on August 23rd, followed by another letter in mid-October.

To support its customers post-breach, Piscataqua Savings Bank has collaborated with Kroll, an identity monitoring service. They are offering complimentary support to their customers for an upcoming two-year period.