Cadence Bank confirmed that a data breach involving MOVEit, a file transfer application, has compromised customer information. The breach, which was discovered and notified to the Montana Attorney General on September 15, 2023, exposed sensitive data held by the bank, including customer names, addresses, dates of birth, Social Security numbers, driver’s license numbers and financial accounts. According to a public notice submitted by Cadence Bank, a critical vulnerability in MOVEit allowed an unauthorized party to gain access to this information.
This incident serves as a stern reminder to all corporations and law firms of the importance of robust data protection and stringent cybersecurity measures. It is pertinent for legal professionals to ensure they are up to speed with the latest cybersecurity laws and regulations to advise corporations on risk minimization strategies and compliance with pertinent data protection versus an ever-evolving technology environment.
The incident at Cadence Bank underscores the potential for severe damage that can be inflicted by cyberattacks, particularly for businesses in possession of sensitive customer data. Legal practitioners are invariably facing more cases related to data breaches as incidents increase both in volume and significance. Such cases don’t only pose severe financial consequences and reputational damage to the affected companies but also call for massive regulatory implications in light of global data protection laws such as EU’s General Data Protection Regulation (GDPR) and California’s California Consumer Privacy Act (CCPA).
A comprehensive understanding of cybersecurity laws, and how they intersect with corporate governance, business practices, and stakeholders’ rights, will continue to be an essential area for legal professionals in the context of data risk and protection.