PORTLAND, Ore. — Umpqua Bank has confirmed that it is a victim of the same global cyberattack that has been discovered to have hit various large corporations and government agencies in the past week — including the Oregon Department of Transportation.
The Portland-based bank, which recently merged with Columbia Bank, said on Monday that there’s no indication customer data has been compromised, although it is still investigating.
Cybercriminals exploited a vulnerability in a program called MOVEIt, a popular tool for transferring files quickly.
“Once we learned of the MOVEit vulnerability, we took immediate action to safeguard our systems and further protect customer data,” Umpqua Bank said in a statement. “We also initiated a thorough investigation to understand our potential exposure, as well as the exposure of our vendors.”
Last week, the Oregon Department of Transportation confirmed roughly 3.5 million driver license and ID card files were compromised in the hack. State officials advised the public to monitor credit reports for signs of fraud.
Earlier this month, the Cybersecurity and Infrastructure Security Agency and FBI issued a warning that a cybercriminal group called CLOP was exploiting a previously unknown vulnerability in MOVEIt. The group reportedly used the flaw to steal files and demand payment not to publish them online. So far, CLOP has not leaked stolen data.
CLOP listed Umpqua Bank and Columbia Bank, along with roughly a dozen other victim organizations, on its data-leak website. The hack of the file-transfer program has already impacted a wide range of large companies and government agencies.