Cyber Incident Victim: Cadence Bank, N.A.
Date:
May 2023
Location:
United States of America
Summary
Cadence Bank was impacted by a global cybersecurity incident involving Progress Software’s MOVEit Transfer application, a tool it uses for secure file transfers. The incident compromised sensitive information belonging to certain individuals. In response, the bank immediately implemented security protocols to contain the situation and launched a thorough investigation to determine the full extent of the impact, which remains ongoing.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On May 31, 2023, Progress Software publicly announced a cybersecurity incident affecting its MOVEit managed file transfer product. This announcement followed the company’s discovery of a critical vulnerability in the software the evening of the same day. The incident was immediately recognized as a global event, believed to have impacted hundreds of government and private entities worldwide due to the widespread use of the MOVEit application for secure file transfers. Cadence Bank, a regional banking institution, was among the organizations that utilized the MOVEit Transfer application as part of its normal course of business operations for transferring files.
Upon learning of the Progress Software announcement and the associated vulnerability, Cadence Bank implemented its security protocols to contain the situation. The bank launched a thorough investigation to determine the extent to which its use of the MOVEit application had been impacted and to identify any individuals whose sensitive information may have been compromised. This investigation was initiated promptly following the public disclosure of the incident by the software vendor. The bank’s response was focused on understanding the scope of the potential data exposure within its own systems.
The investigation undertaken by Cadence Bank was ongoing as of September 15, 2023. Following a detailed analysis of the data involved, the bank confirmed that there had been some impact regarding sensitive information. The analysis confirmed that certain files transferred using the MOVEit application had been compromised due to the exploitation of the vulnerability. This confirmation established that unauthorized actors had successfully accessed data held within the bank’s instance of the MOVEit platform. The exact nature and full scope of the compromised data were part of the continuing investigation.
As a result of the confirmed data compromise, Cadence Bank committed to providing formal notification to all impacted individuals. This notification process was planned to follow applicable state laws and regulations governing data breach disclosures. The bank acknowledged that the incident had resulted in the exposure of sensitive personal information, though the specific data elements for each affected individual were not detailed in the public update. The compromise was a direct consequence of the global attack on numerous MOVEit Transfer application users.
The primary impact of the incident was the unauthorized access to and exfiltration of sensitive customer or employee data that was being transferred or stored within the MOVEit environment. The bank’s use of the application for standard business file transfers meant that a variety of confidential information could have been present in the affected system. The incident did not involve a direct breach of the bank’s core internal banking systems or networks; the compromise was isolated to the third-party file transfer utility. The consequences included potential fraud and identity theft risks for the individuals whose information was accessed.
In its public communication on September 15, 2023, Cadence Bank provided a dedicated contact number for individuals with questions specifically about the cybersecurity incident. The bank also directed its general customer base to contact its standard customer service line for questions pertaining to their bank accounts. The bank’s response included encouraging all customers to take proactive steps to protect their personal information due to the widespread nature of the MOVEit vulnerability, reflecting the broad scale of the attack beyond its own organization.
The incident was part of a larger pattern of cyberattacks targeting the zero-day vulnerability in the MOVEit software, which was exploited by a cybercriminal group. This group engaged in widespread attacks against numerous organizations using the file transfer tool, leading to one of the most significant data theft campaigns of the year. The attackers’ method involved exploiting the vulnerability to gain unauthorized access to MOVEit Transfer servers, where they could then download files containing sensitive data. Cadence Bank’s data was compromised as a result of this large-scale exploitation effort.
Cadence Bank’s containment actions involved immediately applying the security patches and mitigation strategies released by Progress Software following the discovery of the vulnerability. By implementing these protocols, the bank sought to secure its MOVEit application instance against further unauthorized access. The investigation to determine the full impact on individuals and the specific data involved continued for several months after the initial May disclosure, culminating in the confirmation of data compromise and the planning for customer notifications in September. The bank’s public update served as its official disclosure of involvement in the global incident.