On September 8, 2023, Northfield Bank notified the Attorney General of Vermont of a third-party data breach involving one of the bank’s vendors. Evidently, the vendor data breach was a result of the commonly used file transfer application MOVEit. In this notice, Northfield Bank explains that the incident resulted in an unauthorized party being able to access customers’ sensitive information, which includes their names, account numbers, Social Security numbers and online banking usernames. Upon completing its investigation, Northfield Bank began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.

If you received a data breach notification from Northfield Bank discussing the vendor data breach, it is essential you understand what is at risk and what you can do about it. While this incident did not impact Northfield Bank’s network, it did affect Northfield Bank customer data that was provided by Northfield Bank to one of the company’s vendors. From a practical standpoint, this doesn’t change the fact that Northfield Bank customers are at a greater risk of identity theft in the wake of the breach. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the Northfield Bank vendor data breach. For more information, please see our recent piece on the topic here.

What Caused the Data Breach Affecting Northfield Bank Customers?

The Northfield Bank vendor data breach was only recently announced, and more information is expected in the near future. However, Northfield Bank’s filing with the Attorney General of Vermont provides some important information on what led up to the breach. According to this source, on August 4, 2023, Northfield Bank was notified of a data breach by one of its vendors. Evidently, the vendor used a secure file transfer program called MOVEit, which was developed by Progress Software.

Back in May 2023, Progress Software announced a critical vulnerability within MOVEit that allowed unauthorized parties to access information from companies’ MOVEit environments. Northfield Bank’s unnamed vendor was one of the many companies that used MOVEit. And, because Northfield Bank provided confidential customer data to the vendor so that the vendor could perform the services it was contracted to carry out, Northfield Bank customers were affected by the breach.

After learning that sensitive consumer data was accessible to an unauthorized party, Northfield Bank obtained the compromised files and reviewed them to determine what information was leaked and which customers were impacted. While the breached information varies depending on the individual, it may include your name, account number, Social Security number and online banking username.

On September 8, 2023, Northfield Bank sent out data breach letters to anyone who was affected by the recent data security incident. These letters should provide victims with a list of what information belonging to them was compromised.

Note that this incident did not affect any of Northfield Bank’s computer systems; the compromised data was stored within the vendor’s MOVEit environment.

More Information About Northfield Bank

Founded in 1887, Northfield Bank is a financial institution based out of Woodbridge, New Jersey. Northfield Bank is a full-service bank offering customers the standard financial products one would expect to find at a bank, including checking and savings accounts, secured and unsecured loans, investments, home loans, credit cards and business bank services. Northfield Bank operates more than 35 branches in New Jersey and New York. Northfield Bank employs more than 379 people and generates approximately $169 million in annual revenue.