Notice of Service Provider's Security Breach
First Guaranty Bank, and many other financial institutions, use a core processing system to store customer data provided by service provider Financial Institution Service Corporation (“FISC”). FISC recently notified First Guaranty Bank that data associated with its customers was stored on software it uses to transfer data and may have been accessed by a threat actor.
As reported by FISC, on or around May 31, 2023, Progress Software Corporation (“Progress”) publicly disclosed zero-day vulnerabilities that impacted its MOVEit Transfer software. As a user of that software, FISC reported that, upon notification, it applied software patches and undertook recommended mitigation steps issued by Progress, reported the issue to law enforcement, and began investigating the issue with the assistance of third-party cybersecurity specialists. FISC determined that a threat actor accessed one of FISC’s MOVEit Transfer servers through a zero-day vulnerability, and exfiltrated certain data from that MOVEit Transfer server on May 30 and 31, 2023. First Guaranty Bank determined that certain information related to residents of Louisiana was present on the server at the time of the event. The information that could have been accessed by the threat actor includes the individuals’ name, address, account number, and social security number.
Safeguarding information is essential to our mission and our role as a financial institution. To confirm, First Guaranty Bank’s own systems were not compromised. First Guaranty Bank regrets that this incident occurred and any effect on our customers. First Guaranty Bank, upon receiving notification of this incident, promptly took steps to investigate the issue and analyze the potentially affected data. Further, First Guaranty Bank is evaluating its procedures with respect to service providers. First Guaranty Bank requires service providers to adhere to cybersecurity standards and will also revisit those standards.
Notification letters to affected individuals went out in early October for those individuals whose current contact information was on file with First Guaranty. If you did not receive a letter, and want to confirm whether your data was affected, please contact us at 888-375-3093. First Guaranty can assist with no-cost additional products that can help customers monitor their accounts and will arrange for credit monitoring to be offered to any affected individuals.