
Cyber Incident Victim: Tri Counties Bank

Date: Mar 2023

Location: United States of America

Summary

A ransomware attack targeted Tri Counties Bank, potentially exposing confidential customer data and prompting the bank to shut down its network, notify authorities, and initiate an investigation. While the specific types of compromised information remain undetermined due to the ongoing inquiry, attackers posted sensitive data claimed to belong to customers. The California-based financial institution, which operates over 70 locations, will issue breach notifications to affected individuals if its investigation confirms unauthorized access to consumer information.


Description

On March 24, 2023, Tri Counties Bank publicly disclosed a ransomware attack through a "Network Outage Update" posted on its website. The bank acknowledged the incident might have compromised confidential consumer data, though the specifics of exposed information remained unconfirmed at the time of disclosure. Upon detecting the attack, the institution responded by immediately shutting down its computer network to contain the threat, disrupting normal operations across its infrastructure. Tri Counties Bank notified law enforcement authorities and initiated an internal investigation to determine the breach’s scope and impact. During this active investigation, ransomware actors posted data they claimed belonged to bank customers, though the bank did not verify the origin or authenticity of this leaked material. The bank maintained it would continue assessing whether personally identifiable information, financial records, or other sensitive data was accessed or exfiltrated during the security compromise.


Potential impacts centered on unauthorized access to customer information, creating risks for identity theft, financial fraud, and illicit sale of data on dark web markets. Tri Counties Bank committed to issuing formal data breach notification letters to affected individuals if the investigation confirmed data exposure. The disclosure followed standard procedures for ransomware incidents involving potential consumer data loss, though the outage suggested operational disruptions to banking services. With no public confirmation of the ransomware variant, attacker identity, or initial attack vector, the incident remained under active law enforcement and internal review. Tri Counties Bank’s parent company, TriCo Bancshares, did not release additional financial or technical details about the attack’s effect on its 70+ branches or its operational recovery timeline beyond the initial network shutdown and ongoing investigation.
