Notice of a Data Security Incident

Delta Bank has learned that the MOVEit data incident may have involved the personal information of some Delta Bank customers. Financial Institution Service Corporation (“FISC”) provides processing and other support services to financial institutions such as Delta Bank. On May 31, 2023 and again in June 2023, Progress Software Corp. publicly disclosed zero-day vulnerabilities that impacted the MOVEit Transfer tool. According to FISC, as a user of that tool, FISC moved quickly to apply available patching and undertook recommended mitigation steps. FISC promptly launched an investigation, with the assistance of third-party cybersecurity specialists, to determine the potential impact of the vulnerabilities’ presence on the MOVEit Transfer server on the security of data housed on FISC’s server. Per FISC, its investigation determined that an unknown actor exploited vulnerabilities, accessed the MOVEit Transfer server between May 30, 2023 to May 31, 2023, and exfiltrated certain data from FISC’s MOVEit Transfer server during that time. According to FISC, it subsequently undertook a time-intensive review of the data stored on FISC’s server at the time of the event to understand the contents of that data and to whom that data relates. FISC recently concluded its review.

FISC determined that the unauthorized access into the MOVEit Transfer server may have rendered accessible Delta Bank customer information including, depending on the individual, their name, address, date of birth, Social Security number, driver’s license number and other government issued identification number(s), financial account information, telephone number, and credit and/or debit card number.

On September 15, 2023, FISC, on behalf of Delta Bank, began notifying Delta Bank customers whose information could have been involved in the incident and for whom we have contact information. Individuals should refer to the notice they will receive in the mail regarding steps they can take to protect themselves.

As a precautionary measure, notified individuals should remain vigilant to protect against potential fraud and/or identity theft by, among other things, reviewing their account statements and monitoring credit reports closely. If individuals detect any suspicious activity on an account, they should promptly notify the financial institution or company with which the account is maintained. They should also promptly report any fraudulent activity or any suspected incidents of identity theft to proper law enforcement authorities, including the police and their state’s attorney general. Notified individuals may also wish to review the tips provided by the Federal Trade Commission (“FTC”) on fraud alerts, security/credit freezes and steps that they can take to avoid identity theft. For more information and to contact the FTC, please visit www.ftc.gov/idtheft or call 1-877-ID-THEFT (1-877-438-4338). Notified individuals may also contact the FTC at: Federal Trade Commission, 600 Pennsylvania Avenue, NW, Washington, DC 20580.

If you have additional questions, you may call the toll-free assistance 888-757-8601, which is available Monday through Friday, between the hours of 8:00 a.m. and 5:00 p.m. Central time, excluding major U.S. holidays. Also, you can write to FISC at 500 Pavilion Road, West Monroe, Louisiana 71292.