July 12, 2023
CYBERSECURITY ALERT:
MOVEit Incident
What Is the MOVEit Vulnerability?

Recently, the public was made aware of a "critical" vulnerability in MOVEit Transfer, which is a secure managed file transfer (MFT) software used by a variety of organizations, including banks, corporations, and government agencies. The vulnerability allows malicious actors to perform an SQL injection within the MOVEit software, allowing that actor to escalate their privileges and capture data, which could include confidential information. (Sources: Tenable, Techzine)
Endpoint Security - Endpoint Protection Concept - Multiple Devices Secured Within a Network Security Cloud - Cloud-based Cybersecurity Software Solutions - 3D Illustration
What Does This Vulnerability Impact?

Certain vendors who use the MOVEit software are beginning to notify their customers (for example, banks and bank service providers) of the discovered vulnerability, subsequent incident, and the potential sensitive customer information that may have been obtained during the incident at certain organizations. Currently, these clients are being notified of specific sensitive customer information that was subjected to unauthorized access during the breach. The news of this vulnerability and the breach is a significant matter of concern, especially to those of us in the banking industry.

Please note that Sawyers & Jacobs LLC has NEVER used this solution, so we are referring to other industry providers who use this software.
What Action Should We Take?

If your financial institution has been affected by this incident, the team at Sawyers & Jacobs LLC is here to help. We can quickly provide support with incident response, the required regulatory computer-security incident notification, and possible customer response program activation.

Our firm helps banks mitigate the risk of such incidents through our wide range of services, such as cybersecurity incident response testing, vendor management, risk assessment facilitation, GLBA compliance, cybersecurity assessments, ransomware attack simulations, and other services which can be viewed here.

To learn more about our services, simply reply to this email or click the button below to contact Dana Wilkes, our Vice President - Client Services, at dwilkes@sawyersjacobs.com.
Feel free to share this alert within your organization.