Latest News

M&T Bank Cybersecurity Breach Exposes Customer Data: What You Need to Know

The Breach: A Wake-Up Call to All

M&T Bank, a New York-based financial institution with over $207 billion in assets, has officially acknowledged a global cybersecurity incident. Significantly, this breach has exposed sensitive customer data. According to the bank’s letter to its customers, the exploit targeted MOVEit, a file transfer tool for sending and receiving confidential information.

Moreover, this wasn’t a case of the bank’s internal systems being compromised. Instead, the attacker accessed the data by targeting one of M&T Bank’s third-party vendors. Consequently, this security incident underlines the risks involved when institutions rely on external service providers for various functions.

What Was Compromised and What Wasn’t

The bank stated that while customer names, addresses, and account numbers for checking, savings, and money market accounts were exposed, other sensitive data remains safe. Hence, customers can sigh relief knowing that PINs, passwords, social security numbers, dates of birth, and debit/credit card numbers were not accessed.

However, the breach’s fallout isn’t over. A customer affected by the data leak has filed a class-action lawsuit against M&T Bank, claiming the bank failed to “properly secure and safeguard” data. According to this lawsuit, at least 95,000 customers are directly impacted, with the potential for hundreds of thousands more based on M&T Bank’s extensive clientele across 12 states in the Eastern United States.

Time for Remedial Action

While M&T Bank asserts that its internal systems were not compromised and remain secure, the incident raises essential questions about data security in an increasingly interconnected world. Additionally, this event is a stark reminder that organizations, big and small, are vulnerable to cyber threats, mainly when third-party vendors are involved.

The breach has prompted calls for increased vigilance and tighter security measures, not just for M&T Bank but for all financial institutions. Besides, customers are urged to monitor their accounts closely for unusual activity, although the bank confirms that susceptible information remains uncompromised.

In summary, the cybersecurity incident at M&T Bank showcases the importance of fortifying internal and third-party security measures. It’s a wake-up call that rings loud and clear: No one is immune from the dangers lurking in the cyber world.


Crypto products and NFTs are unregulated and can be highly risky. There may be no regulatory recourse for any loss from such transactions. Crypto is not a legal tender and is subject to market risks. Readers are advised to seek expert advice and read offer document(s) along with related important literature on the subject carefully before making any kind of investment whatsoever. Crypto market predictions are speculative and any investment made shall be at the sole cost and risk of the readers.