Horizon Bank

Horizon Bank is a financial institution headquartered in the United States of America. On May 30, 2023, the bank experienced a significant data security incident involving a third-party vendor. The breach occurred when the vendor's MOVEit file transfer software was compromised by an unauthorized party. This external actor accessed data files containing information for a select group of the bank's consumer clients. The compromised data included client names, account numbers, and outdated balances. The incident was strictly limited to the vendor's systems and did not involve any penetration of Horizon Bank's internal network or core banking infrastructure. Consequently, highly sensitive information such as Social Security numbers and online banking credentials was not present in the accessed files and was not compromised. The breach was formally documented by the Commonwealth of Massachusetts, indicating that some affected individuals were residents of that state.

This incident underscores Horizon Bank's reliance on external service providers for critical data transfer operations. The nature of the accessed data confirms the bank maintains consumer account information, including identifying details and financial records. The fact that the breach originated from a vendor vulnerability rather than an internal systems failure highlights a common risk vector for modern financial institutions that outsource certain technological functions. The bank's operational scope includes serving individual consumers, as evidenced by the "consumer clients" referenced in the breach summary. While the specific size or full market reach of Horizon Bank is not detailed in the available information, its status as a U.S.-based bank subjects it to federal and state financial regulations and consumer protection laws. The documented response through a state data breach notification process reflects compliance with applicable legal reporting requirements following such an event. The separation between vendor and internal systems, as noted in the incident overview, suggests a defined operational boundary in the bank's technology architecture.