In a shocking turn of events, Pathward, now known as MetaBank, has found itself in the eye of a storm following a severe data breach. The breach, orchestrated by cybercriminals exploiting vulnerabilities in the MOVEit Transfer software, exposed personal details, including payment card numbers, of almost 800,000 people. Let’s dive into the details of this incident and its far-reaching consequences.

 

The Third-Party Data Breach

MetaBank was quick to notify its clients about the third-party data breach that had a profound impact on the holders of its H&R Block Emerald Card. This breach was made possible by hackers targeting the MOVEit Transfer software, which was used by a third-party service provider responsible for handling MetaBank’s customer data.

In a breach notification letter sent to affected customers, MetaBank stated, “As a result of the MOVEit vulnerability, some of your personal information maintained by this service provider appears to have been acquired by an unauthorized party.”

 

The Scale of the Data Breach

According to information submitted to the Attorney General of Maine, a staggering 793,626 individuals were affected by this breach. This incident adds to the grim statistics of over 62 million people whose data has been exposed due to the MOVEit Transfer attacks.

MetaBank’s communication to the affected individuals clarified that the breach pertained to the H&R Block Emerald Card and was unrelated to the Economic Impact Payment (EIP) cards that MetaBank had issued in collaboration with the US Treasury Department in 2021.

The breach was initially discovered on July 12, 2023, and the service provider delivered its forensic data report on July 25, 2023. The report indicated that while MetaBank and H&R Block systems remained uncompromised, the attackers had potentially accessed a significant trove of sensitive customer data associated with the H&R Block Emerald Card.

 

The Risks and Consequences

The exposure of financial data carries a multitude of risks for those affected. Armed with card numbers and expiration dates, combined with personal details, cybercriminals can engage in financial fraud, leading to unauthorized transactions and substantial financial losses for victims.

Moreover, stolen information can be used for various other forms of fraud, such as identity theft, phishing attacks, or obtaining loans under false pretences. Even seemingly insignificant pieces of leaked personal information can be compiled to have a devastating impact. Unfortunately, many victims may not even realize they’ve been compromised, leading to a lack of timely mitigation efforts.

To assist those affected by the breach, MetaBank has pledged to provide two years of identity theft prevention services. This is a step beyond the typical 12-month monitoring services offered by companies that have experienced similar data exposure incidents.

 

The MOVEit Transfer Data Breach Attacks

The MOVEit Transfer attacks were orchestrated earlier in the year by the Cl0p ransomware gang, which is linked to Russia. They exploited a zero-day vulnerability in the MOVEit Transfer software, which was subsequently patched by Progress Software.

Cl0p, also known as TA505, Lace Tempest, Dungeon Spider, and FIN11, has been active since 2019 and has garnered notoriety in the cybersecurity world. Recent reports indicate that the gang’s activities may have a connection to the Russia-Ukraine conflict, with one of their developers reportedly located in Eastern Ukraine.

The gang appears to use virtual private server (VPS) hosting services, with servers physically located in Russia’s largest cities, Moscow and Saint Petersburg.

 

Conclusion

MetaBank is not the only organization to have suffered at the hands of the MOVEit Transfer attacks. Prominent organizations like Sony Interactive Entertainment, American Airlines, Warner Bros Discovery and AMC Theatres have all had their clients’ data exposed in similar incidents.

We’ve previously published a blog on MOVEit, as it continues to make waves on the web; you can read it here.

The MOVEit Transfer attacks serve as a stark reminder of the ever-present threat of cybercrime and the critical need for robust cybersecurity measures to protect sensitive data. Organizations must remain vigilant and proactive in safeguarding their customers’ information from the relentless advances of cybercriminals.
