Customers’ Information Leaked in PlainsCapital Bank and MOVEit Data Breach

Your personal data and private information should not be taken lightly, and businesses that possess that information should do everything in their power to protect it from bad actors. When they fail to do so, it is your right to take action for their negligence.

In an era where digital transactions and online banking have become the norm, the security and protection of customers' personal information are of the highest importance. Unfortunately, recent events have shaken the trust of customers as PlainsCapital Bank and MOVEit data transfer software experienced a significant data breach.

On June 27, 2023, investigators reported that PlainsCapital Bank, one of the largest independent banks in Texas and a subsidiary of Hilltop Holdings, Inc., had been impacted by a substantial data breach linked to a zero-day vulnerability in the popular MOVEit file transfer tool. 

Through this breach, the personal information of over 16 million individuals may be at risk, and an unauthorized party likely obtained sensitive customer information, including social security numbers and account numbers.

The bank has released a statement on its official website confirming the PlainsCapital Bank data breach, which has been exploited by hacker groups using the MOVEit vulnerability. The bank and its holding company continue to investigate the incident to determine the full extent of the impact and associated costs.

If you believe your data may have been leaked, do not hesitate to contact Morgan & Morgan for a free, no-obligation case evaluation to learn more about your legal options.

What Is MOVEit?

MOVEit is a managed file transfer software used by thousands of organizations. MOVEit encrypts files, uses secure File Transfer Protocols to transfer data, and provides automation services, analytics, and failover options. The popularity of file transfer tools like MOVEit makes vulnerabilities in these tools a high risk for global organizations.

PlainsCapital uses a third-party vendor’s systems as their core operating system, which includes MOVEit. 

What Happened With MOVEit and PlainsCapital Bank?

PlainsCapital Bank and MOVEit suffered a serious data breach that resulted in the unauthorized access and leakage of customers' sensitive information. The breach exposed a range of personally identifiable information (PII), including names, addresses, social security numbers, and financial details, leaving customers vulnerable to identity theft and other fraudulent activities.

Who Is Responsible for the MOVEit Data Breach?

On 7 June 2023, cyber gang Clop, believed to be Russian-based, published a blog post claiming to have gained access to MOVEit transactions worldwide and warning organizations using MOVEit to contact Clop and pay a ransom by June 14th—otherwise, stolen information would be published. 

What Impact Can the MOVEit Data Breach Have on Customers?

The implications of such a data breach extend far beyond the immediate incident. Customers who have entrusted their personal information to PlainsCapital Bank now face heightened risks of identity theft, financial fraud, and compromised privacy. The leaked data could potentially be misused by cybercriminals to carry out fraudulent activities and could lead to severe financial and emotional consequences for the affected individuals.

What Is PlainsCapital Bank Doing About the Data Breach?

While an investigation continues, PlainsCapital Bank has expressed their commitment to ensuring that appropriate notifications are provided to impacted customers and to regulatory agencies as required by federal and state law. The bank plans to offer impacted customers, at their election, complimentary credit monitoring and identity restoration services, which will be described in upcoming notifications.

Hilltop Holdings is also working with other vendors for their broker-dealer and mortgage origination segments to determine whether they were similarly impacted by the MOVEit vulnerability.

What Should I Do About the Data Breach? How Can I Know if I Was Affected?

The data breach involving PlainsCapital Bank and MOVEit serves as a stark reminder of the importance of robust data security measures—especially when it comes to your valuable and sensitive information.

PlainsCapital Bank has publicly stated that they will keep customers updated as they continue their investigation into the data breach. Customers can also contact them directly with questions. 

However, if you believe that your private data or accounts have been exposed and compromised, reach out to Morgan & Morgan immediately with those details. We can provide a free case evaluation in minutes and may be able to help you fight for justice.

With over 35 years of experience and more than $15 billion recovered for our clients, Morgan & Morgan knows how to fight even the biggest of opponents and recover compensation that clients need and deserve.

Contact Morgan & Morgan today to learn more.