MainStreet Bank customers affected by vendor network data breach

MainStreet Bank said one of its third party vendors suffered a data security incident that compromised the sensitive personal information of its customers.

 

Headquartered in Fairfax, Virginia, MainStreet Bank is a community bank that caters to customers in the Virginia and Washington, DC metropolitan area.

 

On May 30, in a filing with the U.S, Securities and Exchange Commission (SEC), MainStreet Bank said that in March, one of its third party service providers notified the bank of suffering a data security incident. The bank immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

“The Company immediately activated its incident response process to investigate and remediate the incident and initially concluded that the incident’s impact would likely not be material. Although each vendor undergoes a thorough security vetting process, we swiftly ceased all activity with this provider,” MainStreet Bank said in its filing.

 

“The company determined that its own information technology systems and networks had not been compromised or affected, no unauthorised transactions had been executed, no monies had been transferred to the unknown persons, and customers had been able to continue to execute transactions with the company,” the bank added.

 

In a letter sent to affected customers, the bank said the incident occured between April 17-April 22 and involved a merchant’s payment card environment. The compromised data included names, numbers and card expiration dates.

 

“At this time, we have no reason or evidence to believe that an unauthorised individual retrieved any personal information such as social security numbers or Main Street Bank account numbers,” reads the letter.

 

The bank has advised all affected individuals to visit a branch and receive a new card, or request one to be mailed to them. Also, individuals should regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general.

 

At the time of publishing, no known hacker group claimed responsibility for the cyber attack on MainStreet Bank. The financial organisation also did not share details on who was behind the attack, how much data was compromised, or whether it has received a ransom demand.