Union Bank Settles MOVEit Breach for $2.39 M, Offers Up to $12,500 per Victim

Union Bank and Trust settles the 2023 MOVEit breach for $2.39 M, offering up to $12,500 per claimant and two years of credit monitoring.

Peter Olaleru/3 min/US

Cybersecurity Editor

Source: Claimdepot

TL;DR: Union Bank and Trust agreed to a $2.39 M settlement for the 2023 MOVEit breach; claimants can receive up to $12,500 or a $100 cash payment plus two years of credit monitoring.

Context

In late May 2023 cybercriminals exploited a vulnerability in the MOVEit Managed File Transfer software, a tool used by many financial institutions to move sensitive files. The attackers leveraged CVE‑2023‑3635, a remote code execution flaw, to gain unauthorized access to servers hosting customer data. Union Bank and Trust was among the firms whose systems were compromised, exposing names, Social Security numbers and other personally identifiable information (PII).

Key Facts

- The bank settled a class‑action lawsuit without admitting wrongdoing, paying $2,389,976 to resolve claims that it failed to protect consumer data.
- Eligible class members—those who received a breach notification—may claim up to $12,500 in reimbursements for documented losses, or a flat $100 cash payment if no losses occurred.
- Reimbursements break down into $2,500 for ordinary losses (e.g., up to four hours of time at $25 per hour) and up to $10,000 for extraordinary, unreimbursed monetary losses incurred after May 31 2023.
- All claimants receive two years of three‑bureau credit monitoring and identity‑theft protection.
- Claims must be filed by July 21 2026; objections to the settlement are due June 22 2026, and the final approval hearing is set for August 6 2026.

What It Means

The settlement underscores the financial risk of inadequate patch management. MOVEit’s flaw was publicly disclosed in May 2023, and vendors issued patches within weeks. Organizations that failed to apply the update exposed customer data and now face legal and remediation costs. Security teams should prioritize rapid deployment of critical patches, especially for software handling sensitive transfers.

Mitigations

- Apply MOVEit patch for CVE‑2023‑3635 immediately; verify version compliance across all environments.
- Implement network segmentation to isolate file‑transfer servers from core banking systems.
- Deploy endpoint detection and response (EDR) tools that can flag anomalous PowerShell or Windows Management Instrumentation (WMI) activity, common in MOVEit exploitation (MITRE ATT&CK T1059.001, T1047).
- Conduct regular credential hygiene audits; enforce multi‑factor authentication for privileged accounts.
- Review and update incident‑response playbooks to include file‑transfer service compromise scenarios.

Looking Ahead

Watch for additional MOVEit‑related settlements as more victims come forward, and monitor upcoming guidance from the Cybersecurity and Infrastructure Security Agency (CISA) on hardening managed file‑transfer solutions.
