Hatch Bank

Hatch Bank is a United States-based financial institution, as indicated by its operational headquarters location and the nature of the compromised data, which included customers' Social Security numbers and names. The bank's core function involves handling sensitive personally identifiable information for its customer base, a standard practice for entities in the retail banking sector. The confirmed incident details establish that the organization serves a substantial number of individuals, with a single breach impacting approximately 140,000 customers, suggesting a significant customer footprint. No further explicit information is provided regarding its specific product portfolio, market segments, or comparative size within the banking industry.

The organization's recent operational history is defined by a major cybersecurity incident that occurred in late January 2023. Attackers, attributed to the Clop ransomware group, exploited a zero-day remote code execution vulnerability in Fortra's GoAnywhere Managed File Transfer software. This exploit facilitated the unauthorized access and exfiltration of data belonging to about 140,000 customers. Hatch Bank's response included securing affected systems, launching an internal investigation, notifying law enforcement, and providing complimentary credit monitoring services to impacted individuals. The breach was part of a broader campaign targeting multiple organizations using the same software flaw, with Fortra, the vendor, having identified the vulnerability but notifying customers only after public disclosure. This event represents a confirmed, severe compromise of the bank's customer data protection controls.