First Commonwealth Financial in Indiana, Pa., is the latest bank to disclose that customer data was compromised by the zero-day vulnerability in the MOVEit file transfer.
The $11.1 billion-asset company said in a regulatory filing that a vendor used the application in one of its offerings.
“Based on the investigation to date, it is likely that certain of the bank’s customers who use debit cards had personal information copied through the” incident, the filing said.
The vendor has implemented recommended patches. First Commonwealth said it worked with the vendor to determine who might have been impacted.
The company said there is no indication that the incident had any impact on its information systems or customer access credentials.
First Commonwealth said it has incurred, and may continue to incur, expenses, adding that it is evaluating the full scope of the costs and impact of the incident.