Cyber Threat Actor: River City Bank employee

The threat actor is identified by thealias River City Bank employee.
This individual is located in the United States of America. The actor functioned as an insider with legitimate access to River City Bank’s systems. The insider status derives from employment rather than external affiliation.
No broader criminal group or state sponsor is publicly associated with this actor. On September 29, 2020, the bank discovered that the employee had copied customer data onto a personal storage device. After copying the data, the employee transmitted the information to an unauthorized third party.
The act of downloading the data fell outside the scope of the employee’s authorized job duties.
The transmission to the third party likewise was not part of any permitted access rights.
The bank’s internal monitoring flagged the anomalous activity on the same day.

Upon detection, the bank immediately revoked the employee’s network and system access.
A formal internal investigation was launched to determine the extent of the data exfiltration. Law enforcement agencies were notified and participated in the investigative process.
The bank’s response included securing the compromised storage device where feasible.
Affected customers were informed of the incident through a formal breach notification.

The breach notification was submitted to the California Attorney General’s Office as required by state law.
The notification letter explained that the data transfer was not part of the employee’s legitimate responsibilities.
The document did not disclose the identity of the third party who received the data.
The notification also omitted any speculation about the intended use of the stolen information. The bank explicitly stated that, at the time of public disclosure, no evidence of subsequent data misuse had been found.
The statement noted that the absence of evidence does not guarantee future safety but reflected the current investigative findings.
The bank committed to cooperating with regulators and providing assistance to impacted individuals.

No additional incidents or linked campaigns involving this actor have been reported in public sources.
The case remains an isolated insider threat event tied to a single employee’s actions.
Consequently, no broader pattern of behavior or recurring threat activity can be inferred from this occurrence.
The actor’s profile is therefore limited to the specific facts outlined in the bank’s disclosure.
Any further conclusions about motives, capabilities, or affiliations would require information not presently available.