Cyber Incident Victim: Guardian Analytics
Date:
Nov 2022
Location:
United States of America
Summary
A third-party data breach at Guardian Analytics, a vendor for Webster Bank, exposed sensitive customer information after unauthorized access to the vendor's systems. The compromised data included names, Social Security numbers, and financial account details belonging to the bank's clients. Following an investigation confirming the incident, Webster Bank reviewed affected files to identify impacted individuals and subsequently issued breach notifications. The regional financial institution provides banking services across multiple states and operates under its parent company, Webster Financial Corporation.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On January 26, 2023, Webster Bank discovered that Guardian Analytics, Inc., a third-party vendor providing services to the bank, had experienced a data security incident potentially affecting Webster Bank customers. Guardian Analytics initiated an investigation into the breach, which revealed unauthorized access to its computer systems between November 27, 2022, and January 22, 2023. The investigation confirmed that the unauthorized actor obtained access to files containing confidential customer information from Webster Bank. The compromised data included sensitive consumer details such as names, Social Security numbers, and financial account information. Webster Bank subsequently conducted its own review of the affected files to identify the specific individuals impacted and the nature of the exposed data. The bank determined that the breached information varied by individual but consistently involved highly sensitive personal and financial identifiers capable of facilitating fraud or identity theft.
Webster Bank formally reported the breach to the Maine Attorney General on April 10, 2023, and began notifying affected customers through data breach letters the same day. The breach stemmed from a third-party system compromise at Guardian Analytics, exposing Webster Bank client data stored or processed by the vendor. While the bank’s internal systems were not directly breached, the incident impacted customers whose data was accessible to the vendor. As a regional bank operating 177 branches across four states and generating approximately $2.5 billion in annual revenue, Webster Bank faced significant operational and reputational risks due to the exposure of customer financial data. The breach notification process aimed to inform affected individuals of the potential misuse of their personal information, though neither the bank nor the vendor disclosed technical details regarding the attack vector, containment measures, or the total number of impacted individuals in the available filing.