U.S. division of CIBC apparently sideswiped by MOVEit hack

Share post:

Another Canadian bank’s U.S. division has apparently been sideswiped by the MOVEit file transfer server vulnerability.

CIBC National Trust of Chicago, part of the Toronto-based Canadian Imperial Bank of Commerce, is telling customers of its Private Wealth Management service that some of their personal information was copied when one of its third-party providers, Pension Benefit Information (PBI), was hit by a cyber attack in May.

The copy of the letter filed with the attorney general’s office of Massachusetts under its data breach notification law doesn’t say how PBI was compromised. However, in its letter to the Massachusetts AG’s office, PBI says its MOVEit server was hacked between May 29th and 30th, and a number of organizations have come forward since to say data PBI was processing for them was stolen at that time.

According to researchers at Emsisoft, since the end of May at least 41 organizations have admitted that the hack of PBI’s MOVEit server resulted in loss of data they sent to the company.

PBI checks government and other databases on behalf of insurance firms, pension funds, and other organizations for information such as deaths to ensure corporate benefits are properly paid.

The copy of CIBC’s Massachusetts letter blanks out what kind of information about CBIC Private Wealth Management customers was stolen. Nor does it say how many people are being notified.

Asked for comment, CIBC’s Toronto headquarters said a “small number” of people were affected. “We have conducted a thorough review of the issue which affected a third-party vendor and are reaching out as appropriate to provide support to a small number of clients in response,” Tom Wallis, the bank’s senior director of public affairs, said in an email. “CIBC systems were unaffected by the incident.”

MOVEit, made by Progress Software Corp., is used for the secure transfer of large files.

Earlier this month, the Bank of Nova Scotia’s Scotia Wealth Management division in the U.S.  began notifying American customers whose data was compromised when the MOVEit server of consulting company Ernst and Young LLP (EY) was hacked. Scotiabank hasn’t said how many customers were affected.

The Clop/Cl0p ransomware gang, which apparently discovered the zero-day vulnerability, has taken credit for around 250 of the hacks of an estimated 963 victim organizations.

Not all were hit individually. In the case of PBI, for example, one service provider was the source of data stolen from dozens of corporate customers. In turn, each customer could have hundreds or more customers.

EY, Deloitte and PwC were hit once but, like PBI, yielded several victim firms.

The post U.S. division of CIBC apparently sideswiped by MOVEit hack first appeared on IT World Canada.
Howard Solomon
Howard Solomonhttps://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Cyber Security Today, Week in Review for week ending Friday April 19, 2024

On this episode Jen Ellis, co-chair of the Ransomware Task Force, talks about ways of fighting one of the biggest cyber threats to IT d

Cyber Security Today, April 19, 2024 – Police bust phishing rental platform, a nine-year old virus found on Ukrainian computers, and more

This episode reports on a threat actor targeting governments in the Middle East with a novel way of hiding malware is going international

Controversial expansion of US surveillance powers nears Senate vote

The US Senate is poised to vote on a significant expansion of Section 702 of the Foreign Intelligence...

Russian-linked hackers target U.S. and European water systems

A Russian military-affiliated hacking group, Sandworm, is suspected of coordinating recent cyberattacks on water utilities in the U.S.,...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways