Westlake Financial Partners (TX Operations)
Breach Analysis

• 2023-05-27

  MOVEit Transfer CVE-2023-34362 zero-day exploited globally
• 2023-06-09

  CISA and Progress Software publish advisory; patch released
• 2024-06-03

  Westlake Financial notifies 178,000 affected individuals (TX subset)
• 2024-07-01

  Texas AG breach notice filed

How they got in

Supply-chain attack via MOVEit Transfer zero-day (CVE-2023-34362). Clop ransomware group exploited the SQL injection vulnerability in MOVEit's web-facing interface to exfiltrate data before the patch was widely applied. No encryption deployed — pure data theft.

Sentinel / Fortress / Command coverage

Sentinel ($89/ep/mo) — 24/7 SOC + SIEM. Fortress ($109/ep/mo) — Sentinel + EDR management + vulnerability management. Command ($129/ep/mo) — Fortress + vCISO + compliance mapping + IR plan. See full tier comparison →

Regulatory exposure

5-point hardening list

• 1
  Software inventory: maintain registry of all third-party data transfer tools with emergency patching SLA in vendor contracts
• 2
  Perimeter app patching: CVSS ≥8 vulnerabilities patched within 72 hours regardless of change management cycle
• 3
  WAF rules: subscribe to CISA/vendor advisory feeds; deploy emergency WAF rules for actively exploited CVEs within hours of publication
• 4
  Data transfer monitoring: alert on large outbound transfers via managed file transfer platforms
• 5
  Vendor contracts: require 72-hour patch notification and evidence of remediation for all customer-data-handling tools

• → CISA MOVEit Advisory AA23-158A
• → DataBreaches.net — MOVEit Tracker
• → Texas AG Breach Notices

CoreRecon cites verifiable public sources only. No speculation on unverified attribution is published. Threat actor attribution appears only where publicly confirmed by law enforcement or the organization.