Community Bank Discloses Customer Data Breach via Unauthorized AI Tool

icon币界网
Share
AI summary iconSummary
Community Bank disclosed a data breach involving customer information caused by an unauthorized AI tool used by an employee. The bank filed the incident with the SEC on May 7 and is notifying affected customers. The leaked data includes names, birth dates, and Social Security numbers. The breach resulted from internal misuse, not a cyberattack. The bank is reviewing its CFT and KYC protocols to prevent future incidents. It operates in Pennsylvania, Ohio, and West Virginia.
CoinDesk reports:

The regional U.S. bank Community Bank disclosed that a staff member used an unauthorized external AI application, resulting in the improper exposure of certain customers' sensitive information. The bank detailed this incident in a filing with the U.S. Securities and Exchange Commission on May 7 and has initiated notification procedures at both federal and state levels.

Includes name, date of birth, and Social Security number

The company disclosed that the exposed information included customers' full names, dates of birth, and Social Security numbers. Such data are highly sensitive personal identifiers in the United States and, if leaked, could lead to risks of identity theft and financial fraud.

The bank has not yet specified the exact number of affected customers, but has begun reaching out to those who may have been impacted. The report noted that this incident did not result from a hacker intrusion or ransomware attack, but rather from an insider entering data that should not have left the bank’s system into an external tool.

The issue stems from uncontrolled internal usage.

What makes this incident unique is that the risk did not come from a sophisticated attack, but from employees’ routine operations. As banks and financial institutions accelerate the adoption of AI tools, many employees are using chatbots or generative platforms to process documents, summarize content, or analyze data—but these services often rely on external servers.

Once sensitive information is entered into an unauthorized platform, it may escape the organization’s original security controls. For the banking industry, such issues are particularly sensitive, as the sector is already strictly governed by privacy protection and customer information management regulations.

Banks face increasing AI governance pressures

The article notes that over the past two years, multiple U.S. regulatory agencies, including the Office of the Comptroller of the Currency and the Federal Deposit Insurance Corporation, have repeatedly alerted the banking sector to AI risk management. Large tech companies and financial institutions have previously temporarily restricted the use of generative AI tools due to employees inadvertently sharing code, business data, or confidential information.

The Community Bank incident once again demonstrates that AI tools may enter everyday business operations faster than internal policies can be updated. For financial institutions, this is not only a technical issue but may also lead to increased compliance scrutiny, legal disputes, and reputational pressure.

Additional information: Community Bank is a regional bank serving Pennsylvania, Ohio, and West Virginia.

Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information. Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.