Email arrived... scam or legit?

pwd72s · 08-17-2023, 10:53 AM

I'm wondering if this is pishing or legit? Supposedly from our bank. Anybody here get a similar email?

On Thursday June 22, we shared with you via email that personal information for a segment of Umpqua’s customers was accessed due to a third-party vendor’s exposure in the global MOVEit Transfer cybersecurity incident. Our investigation has unfortunately revealed that your name and Social Security Number were involved in this incident. No banking information was involved, and you should continue to bank as you always do. We understand this news is frustrating and apologize for the inconvenience.

Your relationship with us is very important and safeguarding your personal and financial information is a responsibility we take seriously. We have been working closely with our vendor—who we can now share is Fidelity National Information Services, Inc. (FIS)—to provide 24 months of identity monitoring and theft resolution services to you at no charge.

While we have no evidence at this time that your personal information has been used in an unauthorized way, we are reaching out today to:

Provide an update about what happened.
Inform you to be on the lookout for the official notification letter. This letter will arrive in your mailbox in the coming days. It includes important instructions about how to access your 24 months of identity monitoring and theft resolution services available to you at no charge.
What Happened
On May 31, 2023, Progress Software reported a previously unknown vulnerability in its MOVEit Transfer tool. Thousands of companies, including one of our business partners, FIS, use this file transfer tool to move data files.

FIS is a global financial technology services provider that works with most of the world’s leading banks and supports more than one million merchants around the globe. When you buy a coffee, check your balances, or invest in your 401(K), you’re likely running on FIS software. Like many banks, Umpqua uses FIS’s technology services.

Upon notification, FIS immediately suspended use of the MOVEit Transfer tool, and it remained disabled until they received and implemented a software patch to remediate the issue. FIS also launched an immediate investigation working in partnership with Umpqua and alongside cyber experts and appropriate law enforcement agencies. The investigation has revealed evidence that an unauthorized third party potentially accessed certain files transferred through MOVEit Transfer that contained some of your personal information.
Watch Your Mail
The global MOVEit Transfer cybersecurity incident has led to the unauthorized access of information from millions of people. While we have no evidence at this time that your personal information has been used in an unauthorized way, given the widespread nature of this incident, we highly encourage you to enroll for your no-cost identity monitoring and threat resolution services using the personalized login instructions that will be mailed to you.

Please be on the lookout for a notification letter from Umpqua Bank, which should arrive in the coming days. This letter includes important instructions about how to access your 24 months of identity monitoring and theft resolution services available to you at no charge.

Your notification letter includes contact information for a dedicated support line that you can use to receive assistance setting up your identity monitoring and threat resolution services. For any other questions, please feel free to reach out to your local banker or call us at (866) 486-7782.

In the meantime, please know that we take this matter very seriously, and we sincerely apologize again for any concern and inconvenience this may cause you.

Sincerely,

Chris Merrywell
President, Consumer Banking
Umpqua Bank

Bill Douglas · 08-17-2023, 11:00 AM

The bank like to get copies of these emails.

If it is them, good. If it's not they are pre-warned that a well written, elaborate scam, is happening.

KFC911 · 08-17-2023, 11:01 AM

Ummm .... for $19 a month .... that's ONLY 63 cents per day, I will take care of all your concerns and you can adopt a Polar Bear too!

masraum · 08-17-2023, 11:02 AM

Assuming Umpqua Bank is your bank, then it certainly could be legit. I'd call (or go to if that's your thing) the bank and ask. If they say "it's legit" then sign up for the reporting.

Years ago, I had my identity stolen from a govt database. They signed me up for free monitoring. I think that was >5 years ago (and was supposed to be 3 years of monitoring). I still get emails, so it appears to still be active.

If you can get monitoring for free, go for it.

pwd72s · 08-17-2023, 11:05 AM

Yes! Cindy on her way to the local branch with a print out as I type. What to do if legit? I can change banks, sure can't change our social security numbers. Maybe sign up for LifeLock?

KFC911 · 08-17-2023, 11:07 AM

Paul, if your credit hasn't been frozen at all three agencies.... just do that. It's so easy and painless these days .... almost everyone should. Mine has been that way for two decades.

Everyone should assume their info is compromised these days .... breached from those very same gencies too

.

I sleep well not giving a crap

.

KFC911 · 08-17-2023, 11:10 AM

Quote:

Originally Posted by pwd72s

Yes! Cindy on her way to the local branch with a print out as I type. What to do if legit? I can change banks, sure can't change our social security numbers. Maybe sign up for LifeLock?

Oh hell no .... LifeLock is a total waste of $$$.
Freeze yer credit for free .... makes LL and anyone else who has your info worthless...

Ayles · 08-17-2023, 11:26 AM

People still go into a bank branch?

KFC911 · 08-17-2023, 11:29 AM

Quote:

Originally Posted by Ayles

People still go into a bank branch?

I do .... every time I need a free toaster!

MBAtarga · 08-17-2023, 11:33 AM

The MOVEit vulnerability is a true event - and many orgs/companies have been impacted by it.

Covered in this thread already:

PBI hacked?

pwd72s · 08-17-2023, 02:10 PM

Thanks to all...especially KC. It's not easy being an oldster trying to adapt to a digital world & it's hazards. Our credit now frozen. Yep, the email was 100% legit. I also learned our credit rating..it's good we did the freeze, because ID theft artists would love using it.

john70t · 08-17-2023, 07:13 PM

Short answer:
Don't ever click on email links
Or give personal information to strangers

Contact your local branch, with a witness friend, verify that contact info or help bust a bunch of scammers, make a diary of everyone and their advice (with date/time/place).
Do it in writing or person.
Make sure you leave a trail of crumbs into that forest or you might never find your way back and getting eaten.

stomachmonkey · 08-18-2023, 10:46 AM

This is a fairly standard format letter that companies involved in a data breach send out.

There are no links and it doesn't ask you to take any action of a digital nature.

It's real.