800K Users Impacted By Severe Pathward Data Breach

Tyler Cross
Tyler Cross Senior Writer
Tyler Cross Tyler Cross Senior Writer

In the newest update on the massive MOVEit data breach from earlier this year, Pathward (formerly known as MetaBank), recently disclosed that over 800K users had their information exposed.

Earlier this year, the Cl0p ransomware group breached the MOVEit file transfer service and exposed the information of nearly 1,000 major companies and government institutions all around the world. Over 60 million people have been affected, with more companies and organizations coming forth every week about the damage dealt by the breach.

The affected companies include British Airways, Boots, BBC, and cloud-payroll company Zellis, as well as universities, healthcare organizations, and more.

“As a result of the MOVEit vulnerability, some of your personal information maintained by this service provider appears to have been acquired by an unauthorized party,” Pathward explains in a letter sent to customers.

When Pathward was still known as MetaBank, before selling the Meta trademark to Facebook for $60 million, it worried with the US Treasury to provide COVID stimulus payments. The company was responsible for processing and issuing millions of Economic Impact Payment (EIP) cards referred to as “Emerald Cards.”

“On or about July 12, 2023, we became aware that an unauthorized third party had acquired certain files transferred through the MOVEit Transfer tool, and on July 25, 2023, the service provider provided its forensic data report,” Pathward writes.

Sensitive user data, including credit card details and personal details of more than 800K users. Users who were impacted should receive letters detailing exactly what information was leaked. If you receive a letter, be sure to change your passwords, contact your bank to replace your cards, and consider credit monitoring services to ensure you aren’t victimized without knowing.

Pathward first reported the breach in May, however, at that time few details were available about the severity of the attack. Investigations into the MOVEit data breach are being carried out by various law enforcement agencies around the world.

About the Author
Tyler Cross
Tyler Cross
Senior Writer

About the Author

Tyler is a writer at SafetyDetectives with a passion for researching all things tech and cybersecurity. Prior to joining the SafetyDetectives team, he worked with cybersecurity products hands-on for more than five years, including password managers, antiviruses, and VPNs and learned everything about their use cases and function. When he isn't working as a "SafetyDetective", he enjoys studying history, researching investment opportunities, writing novels, and playing Dungeons and Dragons with friends."

Leave a Comment