Data Breach Notifications

Entity Information

• Type of Organization: Financial Services
• Entity Name: Arvest Bank
• Street Address: One Mcllroy Plaza
• City: Fayetteville
• State, or Country if outside the US: Arkansas
• Zip Code: 72701

Submitted By

• Name: Theresa Maxwell
• Title: Director of Compliance
• Firm name (if different than entity):
• Telephone Number: 9182327553
• Email Address: tmaxwell@arvest.com
• Relationship to entity whose information was compromised: Director of Compliance

Breach Information

• Total number of persons affected (including residents): 26388
• Total number of Maine residents affected: 1
• If the number of Maine residents exceeds 1,000, have the consumer reporting agencies been notified: No
• Date(s) Breach Occured: 05/31/2023
• Date Breach Discovered: 10/13/2023
• Description of the Breach:
  • Other
  • If other, please specify: Fiserv is a vendor used by Arvest Bank. MOVEit Transfer is one of Fiserv’s file transfer tools. On May 31, 2023, MOVEit Transfer disclosed a widespread zero-day SQL injection vulnerability that caused widespread impact. Fisver notified the bank on October 13, 2023, that their analysis revealed certain data in Fiserv’s MOVEit Transfer environment was exfiltrated between May 27th and May 31, 2023.
• Information Acquired - Name or other personal identifier in combination with:

Notification and Protection Services

• Type of Notification: Written
• Date(s) of consumer notification: 01/30/2024
• Copy of notice to affected Maine residents: FinalCustomer Notice.pdf
• Date of any previous (within 12 months) breach notifications:
• Were identity theft protection services offered: Yes
• If yes, please provide the duration, the provider of the service and a brief description of the service: Two years