US-based Bryant Bank discloses breach of customers' personally identifiable information

Bryant Bank, a community bank in the US state of Alabama, recently disclosed a data breach that compromised the sensitive personal information of its customers.

Founded in 2005, Bryant Bank operates 18 branches in five major cities in the US state of Alabama, namely Huntsville, Birmingham, Tuscaloosa, Mobile, and Baldwin County. The bank offers personal banking, business banking, loans, mortgages, and additional financial services, such as Treasury Management Services, Correspondent Banking, and Capital Markets to the state’s residents. 

 

The community bank said in a notice on its website that on October 27 last year, it identified unauthorised access to certain servers on its internal network. Upon discovering the incident, the bank immediately launched an investigation and took all necessary steps to mitigate its impact.

“Bryant Bank contained the threat by disabling all unauthorised access to its network, restored all data, and immediately commenced a prompt and thorough investigation,” the bank said. It also engaged third-party cyber security experts to investigate the cyber attack and notified law enforcement about the same.

“Following a forensics investigation and manual document review of the impacted files, Bryant Bank discovered on April 6, 2023, that certain files that contain personal information were potentially removed from its network by the unauthorised party between October 26, 2022, and October 27, 2022.

“This type of information potentially included full names along with one or more of the following: Social Security Numbers, Dates of Birth, Bank / Financial Account Information, Health Insurance and Medical Information, Passport numbers, and Driver’s License numbers,” the notice read.

Bryant Bank started notifying all affected individuals about the security incident since April 18 and urged them to take necessary steps to protect themselves against identity fraud. The bank recommends all individuals who received the notice of the data breach apply for a fraud alert or security freeze on their credit files, obtain free credit reports, and review their financial account statements and credit reports for fraudulent or irregular activity on a regular basis.

For individuals whose Social Security Numbers have been compromised, the bank is encouraging them to enroll in a complimentary credit monitoring service provided in the notification letter.

Last year, Michigan-based Flagstar Bank also disclosed a significant security incident that compromised the personal information of more than 1.5 million customers. In a notice sent to the affected customers, Flagstar Bank said that the security incident took place between December 3 and December 4, 2021, and was identified on June 2, 2022, exactly six months after it occurred.

Following an extensive investigation, the bank identified that a threat actor gained unauthorised access to its network and accessed certain files containing customer details including the names and social security numbers of its customers.