Social Security numbers (SSNs) of over 17,000 US residents have been exposed after a Happy State Bank (HSB) employee’s email account was compromised in a suspected cyberattack.
HSB, a Texas-based financial business, notified customers about a business email compromise (BEC) that jeopardized thousands of customers’ personal data.
The company filed a notification with the Maine Attorney General’s Office, saying that threat actors could have accessed customer names or other personal identifiers with SSNs. Over 17,000 customers could have been exposed.
Losing SSNs poses significant risks, as impersonators can use stolen data in tandem with names and driver’s license numbers for identity theft.
The bank claims it noticed “unusual activity” on an email account of an employee “who is no longer with the company.” The subsequent investigation revealed that the former employee fell victim to a phishing attack.
“The individual’s HSB email account was accessed without authorization between July 28 and 29, 2022. The unauthorized activity was limited to this one email account. All HSB core banking systems were unaffected and remain secure,” reads the letter of notice attached to the HSB breach notification.
The sensitive customer data was stored in attachments to the former employee’s emails. However, the bank insists there’s no reason to believe attackers actually accessed or viewed HSB’s customer data.
The bank first disclosed the breach on March 16, 2023. The recent update was made because the investigation revealed residents of Maine had also been exposed to the BEC attack.
In a letter of notice, which disclosed the breach to those affected by it, HSB said the company had arranged for potential victims to receive credit monitoring and protection services to guard against possible instances of identity theft.
Your email address will not be published. Required fields are markedmarked