Notice of Data Security Incident
This notice is being provided for the benefit of consumers whose data was potentially exposed but that Crescent Bank does not have contact information to notify them. If you are a current or past Crescent Bank customer and have a mailing address on file, you will receive a notice by mail if you were affected by this incident.
Crescent Bank recently learned about a data security incident experienced by our vendor, the Financial Institution Service Corporation (FISC), that may have impacted your personal information. The security of your personal information is very important to us, and we sincerely apologize for any inconvenience this may cause.
On June 21, 2023, Crescent Bank learned that one of our vendors, FISC, was using software that contained a vulnerability to transfer files to and from Crescent Bank. The vulnerability in the MOVEit file-transfer software allowed unauthorized actors to gain access to the files being transferred. FISC informed us that, in fact, an unauthorized actor had accessed FISC’s MOVEit server between May 30, 2023 to May 31, 2023 and that certain Crescent Bank data may have been accessed without authorization. On August 14, 2023, we learned that your personal information was amongst the data that was accessed during the incident. The Crescent Bank environment and systems were not impacted as a result of the incident. As of October 2, 2023, we have no indication that any personal information has been misused.
What We Are Doing:
Immediately after identifying the unauthorized access, FISC applied the appropriate patches provided by Progress Software Corporation (“Progress”), MOVEit’s software provider. FISC also followed the recommended steps provided by Progress to secure the MOVEit software. We are confident FISC has taken the appropriate steps to secure its systems, and that data can, once again, be transferred securely.
Letters are being mailed to individuals for whom Crescent Bank has addresses, which contain more information about the incident as well as instructions for enrolling in credit monitoring and identity protection services through Kroll, the data breach recovery experts.
What You Can Do:
Individuals should remain vigilant for incidents of identity theft or fraud by reviewing bank accounts, financial statements, and credit reports for suspicious activity. Incidents of identity theft should be reported to law enforcement or the attorney general.
For questions or concerns or to determine whether your information was impacted, please call 866-731-2932 Monday through Friday from 8:00 a.m. and 5:30 p.m. Central time, excluding holidays. We regret any inconvenience or concern that this incident may cause.