Tri Counties Bank breach exposes user financial data


Tri Counties Bank, serving primarily the US West Coast, has had its systems breached. Attackers took personal customer and employee data, including financial information.

The bank has started informing impacted individuals about a data breach after attackers penetrated its systems in February 2023. According to the letter, the attack exposed names, Social Security numbers (SSNs), driver’s license numbers, and financial account information.

The victims include some of Tri Counties Bank’s customers, employees, their affiliates, and dependents. Information the bank submitted to the Maine Attorney General says a total of 74,385 individuals were impacted by the attack.

The breach notification letter to the hack’s victims says that Tri Counties Bank’s “network had been infected with malware which prevented access to certain files on its network,” strongly pointing to a ransomware attack.

Even though the attack took place in early February, the bank said it completed a review of potentially impacted data only in October, eight months after attackers breached its systems.

The bank’s breach notification letter somewhat downplays the attacks’ impact, saying that the bank “has no evidence of any identity theft or fraud in connection with this incident.”

The bank said it had informed law enforcement agencies about the breach and vouched to provide the attack victims with “identity restoration and guidance on how to better protect against identity theft and fraud.”