Patrick Miller-Bartley
Tue, 09/05/2023
An M&T Bank customer filed a lawsuit on August 25th, alleging that M&T Bank negligently handled the personal and financial information of over 95,000 of its customers. The lawsuit, filed in federal Court in Buffalo, New York, on behalf of a class of affected M&T customers, alleges the data was misappropriated in a data breach that occurred some time between May and June of this year. The data contains personally identifiable and financial information, including names, addresses, and account numbers for a variety of accounts, according to a notice the bank sent to potentially-affected customers.
M&T Bank sent notices to potentially-affected customers in early August. The notices explained that the breach stemmed from the bank’s use of the file transfer software MOVEit. Hackers had identified and exploited a security vulnerability in the software, and used it to misappropriate the files transferred through the service. M&T Bank is not the only company to use the MOVEit software, and U.S. cybersecurity officials warned the public in June that that a ransomware game known has CL0P had been stealing data from MOVEit’s transfer databases since late May.
As companies collect more and more of our data as a condition of doing business, they also create a risk that nefarious actors will steal that data. These companies have an obligation to safeguard against such events, but many fail to do so. For information on other recent data breaches, visit https://www.mselaborlaw.com/data-breach-notices. If you’ve received notice that your personal data has been compromised, don’t hesitate to contact us to discuss your options.
