October 21, 2024
First Keystone Community Bank recently disclosed a data breach involving customer information, stemming from a cyberattack on Fiserv, one of its third-party technology providers. While the bank’s internal systems remain secure, the breach underscores the complexities of data security within financial networks dependent on multiple layers of technological support.
Incident Overview
The breach occurred in May 2023 and involved Fiserv’s MOVEit Transfer tool—a widely used managed file transfer (MFT) service from Progress Software, designed for secure file sharing. Fiserv detected unauthorized access within MOVEit Transfer from May 27 to May 31, 2023. Following their investigation, Fiserv determined that certain files, containing customer information, may have been accessed by unauthorized parties.
Fiserv notified First Keystone of the breach in October 2023, prompting the bank to conduct an extensive internal review. According to First Keystone, this process confirmed that some customers’ personal information was included in the impacted files, which varied by individual. Although social security numbers were reportedly unaffected, compromised data might include names, driver’s license or state ID numbers, and financial account details.
Customer Safeguards and Response
While there has been no confirmed misuse of the data, First Keystone advises customers to remain vigilant. The bank has provided a helpline for inquiries at 855-277-9030 and is offering guidance on protective measures, including free credit monitoring, fraud alerts, and credit freezes.
First Keystone reassured customers that steps are being taken to prevent similar incidents in the future. According to the bank, Fiserv has addressed the vulnerabilities in MOVEit Transfer by patching the software and employing a dedicated response team to monitor and secure the affected systems.
Steps for Affected Customers
To protect against potential identity theft, customers are encouraged to:
- Request a Free Credit Report: Under U.S. law, consumers can access a free credit report from each of the three major credit bureaus once a year. Reports can be requested through annualcreditreport.com or by calling 1-877-322-8228.
- Place a Fraud Alert: A fraud alert notifies creditors to verify identities before approving credit. This alert can be requested from any major credit bureau and lasts for one year. Customers who have experienced identity theft can request a seven-year extended fraud alert.
- Initiate a Credit Freeze: A credit freeze limits access to credit reports, helping prevent new accounts from being opened fraudulently. To set up a credit freeze, individuals may need to provide proof of identity and recent address details. Freezes can be temporarily lifted for legitimate applications as needed.
Resources for Support
Consumers are encouraged to consult the Federal Trade Commission (FTC) or state Attorney General’s office for further information on identity theft prevention. The FTC offers a comprehensive guide at identitytheft.gov and can be reached at 1-877-ID-THEFT (1-877-438-4338).
This breach serves as a reminder of the ongoing cyber risks in the financial sector, with institutions increasingly dependent on third-party technology providers. First Keystone has pledged to uphold the security of its systems and strengthen its protocols, aiming to ensure customer data privacy amidst evolving cybersecurity threats.
For ongoing updates, stay tuned to local news outlets and First Keystone’s website.