Close to 200,000 Frost Bank customers affected by Sefas security breach

Global software vendor Sefas announced that a data security incident last year compromised sensitive personal information belonging to nearly 200,000 customers of Frost Bank.

 

Sefas is a global software vendor specialising in customer communications management and document automation solutions. Its platforms help businesses securely create, manage, and deliver personalised customer communications across digital and print channels.

 

In a data security incident notice filed with the Office of California Attorney General, Sefas said that on April 16, it became aware of a cybercriminal group claiming to possess data linked to one of its clients in the financial sector. The company immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

“The investigation revealed activity consistent with unauthorised access to the SFTP server we use to provide software support. This activity included the download of certain files intermittently between December 2025 and April 2026, containing Frost Bank data. We informed Frost Bank about the incident on April 22, 2026, and began providing information so that the individuals and data affected could be determined,” Sefas said.

 

The compromised data included names, addresses, Social Security Numbers, other taxpayer identification numbers, account numbers, dates of birth, loan numbers and more. The incident was reported with Texas state regulators where Frost Bank said that at least 191,848 individuals were impacted by the incident.

 

“Based on the evidence reviewed to date, there is no indication that the activity extended beyond the SFTP server or continued after April 16, 2026,” Sefas added.

 

The software provider has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general.

 

It has also offered one years of complimentary identity protection and credit monitoring services through CyberScout to all affected individuals.

 

In April, the Everest ransomware gang

that it exfiltrated 250,000 Social Security numbers from Frost Bank and listed the institution on its leak site. Frost Bank, however, did not respond to the claims. The hacker group did not state how much ransom it had demanded from the bank or whether the bank had paid the ransom.