PwC hit by the MOVEit vulnerability, exposing the information of 80,000 bank depositors

On August 14, the People's Bank of Puerto Rico, the largest bank in the autonomous region of Puerto Rico, submitted a customer information breach report to the Attorney General of Maine. The report said the personal details of 82,217 depositors at the bank were compromised due to a security flaw in the MOVEit software used by supplier PwC.

So far, the People's Bank of Puerto Rico has been notifying thousands of bank customers of the security risks of the data leak. It stated that PricewaterhouseCoopers has been providing audit services to the bank, and that the two parties have been collaborating for more than two decades.

Because of the nature and requirements of that work, the bank must provide customer information to PwC so that the latter can complete independent audits of financial statements, which is how the customer data came to be exposed.

MOVEit, a product of software company Progress Software, is a file-sharing tool widely used by multinational corporations and government clients. A vulnerability in the product itself was discovered and exploited by the Russian ransomware organization Clop, triggering a data leakage crisis at many companies.

Since the outbreak in early June, the Clop ransomware gang has used this vulnerability to compromise more than 100 organizations, including energy giants such as Schneider and Siemens, as well as virtual data room service providers that provide merger and acquisition data services.

Many financial giants, such as Deloitte, EY, Goldman Sachs, Jefferies, JPMorgan, KPMG and UBS, were also affected, and Jackson Government agencies, including the National Bank and U.S. federal districts, were not spared either.

The report states that the personal information leaked by the People's Bank of Puerto Rico included names, Social Security numbers, mortgage loan numbers and other mortgage-related fields. After discovering the vulnerability, PricewaterhouseCoopers stated that it had stopped using the software in a timely manner and conducted relevant security investigations within the company.

The final part of the report points out that the bank will provide two years of free Equifax security risk monitoring services to customers at risk of data breaches, and also shares several methods that can effectively mitigate the security threats posed by data breaches.

Origin blog.csdn.net/FreeBuf_/article/details/132325768