Since the recent MOVEit Transfer data breach incident, various vendors utilizing the software have notified a significant number of banks that their customer information may have been compromised during the breach. Many banks are asking whether they will be required to notify their customers of the breach. This question can be answered only by determining the specifics of the customer information that was subject to the breach and then analyzing the federal banking agencies' Interagency Guidelines Establishing Information Security Standards ("Interagency Guidelines"). The Interagency Guidelines for FDIC-regulated banks are found at 12 CFR Part 364 Appendix B. Continue reading >