Hilltop Holdings in Dallas disclosed that an unauthorized party likely obtained customer data due to a security incident at a third-party vendor.
The $17 billion-asset company disclosed in a regulatory filing that the incident was tied to a vulnerability in the MOVEit transfer application – a managed file transfer software.
Hilltop said its bank uses the vendor’s systems as its core operating system.
Though the vendor said the incident was patched, the unauthorized party likely obtained information “about substantially all of the Bank’s customers, including social security numbers and account numbers.” For now, there is no indication that the incident has impacted any of the bank’s information systems or customer access credentials.
Hilltop said it plans to offer impacted customers complimentary credit monitoring and identity restoration services. The company is also evaluating the full scope of the costs and impact of the incident.
Several other banks have reportedly been impacted by this cyberattack.