Happy State Bank (HSB), a Texas-based financial business, has reported a business email compromise (BEC) that has potentially exposed the Social Security numbers (SSNs) of over 17,000 US residents. The bank disclosed the breach in March 2023 and recently updated the notification after discovering that residents of Maine had also been affected.
The bank has filed a notification with the Maine Attorney General’s Office, stating that threat actors could have accessed customer names or other personal identifiers with SSNs.
According to HSB, the breach occurred after a former employee fell victim to a phishing attack, and their email account was accessed without authorization between July 28 and 29, 2022. Although the bank detected “unusual activity” on the account, the breach was limited to this email account, and all HSB core banking systems remain secure.
However, the former employee’s email account contained sensitive customer data stored in attachments.
Losing SSNs poses significant risks, as impersonators can use stolen data in tandem with names and driver’s license numbers for identity theft. HSB has arranged for potential victims to receive credit monitoring and protection services to guard against possible instances of identity theft.
In conclusion, HSB is just one of many financial institutions that have suffered a data breach, highlighting the need for banks to strengthen their security measures to protect customer data.
It is important for customers to be vigilant about monitoring their financial information and take necessary precautions to protect their identities.
