Fiserv Security Incident
Updated by Keith Kirkland
High Level Summary of the Security Advisory
Fiserv is an international company specializing in financial services technology. They offer solutions for banks, credit unions, businesses, and consumers, enabling secure and streamlined financial transactions, payments, and data management.
Based on information from various sources, including CyberNews, PaymentsDive, and BleepingComputer, a critical vulnerability that affected MOVEit, a managed file transfer software by Progress Software, in May 2023 has had repercussions for Fiserv. For specific details on the MOVEit zero-day vulnerability, refer to the advisory published by VISO TRUST: Progress Software MOVEit Zero-Day Vulnerability Risk Notice.
According to these sources, the attackers exploited the MOVEit Transfer zero-day vulnerability to gain unauthorized access to Fiserv systems and subsequently pilfered end customer data belonging to Fiserv’s Clients. Further, per these sources, Fiserv is communicating with affected Clients and providing them with the necessary support.
One of the organizations that have been affected by the Fiserv data breach (as per the sources) is Flagstar Bank, a full-service financial institution offering a range of banking and financial services. Flagstar Bank utilizes Fiserv for payment processing and mobile banking services, with Fiserv employing the MOVEit Transfer software. According to these sources, the attackers exploited the MOVEit Transfer zero-day vulnerability to gain unauthorized access to Fiserv’s systems and subsequently pilfered customer data belonging to Flagstar Bank, which Fiserv used to provide its services. Consequently, this breach may have exposed customer Social Security numbers (SSNs). The incident impacted 837,390 Flagstar Bank customers in the United States.
What to do if you or your vendors have an active relationship with Fiserv
As indicated by the aforementioned sources, Fiserv is actively engaging with Clients who have been affected and is offering them resources, including notifications, identity and credit monitoring, and call center services.
If you or any of your vendors maintain an ongoing association with Fiserv, we strongly recommend reaching out to them promptly to ascertain the potential implications for your customers, services, or products. Additionally, we encourage you to refer to VISO TRUST’s risk notice on the Progress Software MOVEit Zero-Day Vulnerability for guidance on any remedial actions that your organization may need to take.
--------------------------------------------------------------
We are actively working on future product enhancements related to these types of events. If you found this information helpful or have additional feedback, please let us know at product@visotrust.com.
For any additional questions, please reach out to your customer success manager.
The VISO TRUST team