A third-party service provider which we rely-on to do everyday business, has experienced a data security incident. Due to this data security incident, it is possible an unauthorized individual gained access to your name, checking account number, and other information printed on your checks. Citizens Savings Bank takes the protection and proper use of your information very seriously. For this reason, we have taken measures to notify you and keep you informed of the current circumstances.
Our bank uses outside service providers for a variety of banking related services. One service is to clear checks written on or deposited to accounts at this bank by way of digitally scanned images of those checks to submit for processing. The processing of these checks requires scanned images of the checks to be transferred between financial institutions to complete the clearing process. The service provider we utilize for this process relies on a file transfer software, MOVEit Transfer. The MOVEit Transfer software is developed by Progress Software. In June 2023, the service provider learned from Progress Software of a software vulnerability that could allow unauthorized access to servers which were utilized to transfer these check images.
Our service provider responded by swiftly applying 3 software patches provided by Progress Software and opening an investigation into the event. Law enforcement was notified and data forensic experts were utilized to assist in its investigation. The investigation determined that unauthorized individuals had likely used the vulnerability to access the service provider’s MOVEit server on May 27, 2023. This could have allowed the unauthorized individual to access files stored on the server, which may have included images of your checks and/or your checking account number. However, it has not been determined which files the unauthorized individual acquired.
What information was involved?
Files stored on the MOVEit server included images of checks and checking number information. In other words, potentially compromised information includes anything printed on the face or back of the checks including as applicable the account holder’s name, address, routing number, account number, and signature. Due to the inability to confirm which files the unauthorized individual acquired, it is unknow whether your account number and other information were among the files acquired by the unauthorized individuals.
What can you do?
You should remain vigilant over the next 12 to 24 months for incidents of fraud and identity theft by reviewing account statements and monitoring your credit report for unauthorized activity. Promptly report incidents of suspected identity theft or suspicious activity to your bank. To gain 24/7 access for monitoring your account please utilize our Online Banking and eStatement Services by visiting www.CitizensSB.com.
The Louisiana OMV recently released a statement regarding an incident in which affected a majority of Louisiana residents that was a result of the same software exploit. For further information regarding this related topic please visit https://gov.louisiana.gov/.
What is being done?
Law enforcement and federal regulators have been notified regarding this incident. Software patches provided by Progress software have been made in an effort to prevent future vulnerabilities, and the service provider is reviewing and updating its security policies and incident response plans to reduce the risk of similar events occurring in the future.
For more information.
If you have further questions please visit our website www.CitizensSB.com/events or contact us (985)735-6555, Monday through Friday from 8:30 a.m. to 4:00 p.m. Central Time.