Menu
Browse

Cyber Incident Victim: Community Bank

Date:

May 2026

Location:

United States of America

Summary

Community Bank disclosed a cybersecurity incident in which customers’ names, dates of birth, and Social Security numbers were exposed after the use of an unauthorized artificial intelligence‑based software application. The bank said it is evaluating the affected customer data and will send notifications in accordance with relevant laws, and its chief executive did not respond to a request for comment. The Register was the first outlet to report the security lapse.

CIA Posture Motives Tactics, Techniques & Procedures
Available to members 1 motive 1 technique
Threat Actors Type Location
0 actors Available to members Available to members

Description

On May 7, 2026, Community Bank filed an 8‑K with the U.S. Securities and Exchange Commission disclosing a cybersecurity incident. The filing stated that the bank had detected an exposure of customers’ personal data resulting from the use of an unauthorized artificial intelligence‑based software application. The bank indicated that the disclosure was made because of the volume and sensitive nature of the non‑public information involved. The Register was the first outlet to report the security lapse.

Cyber Incident Image

The exposed information included customers’ names, dates of birth, and Social Security numbers. While the bank did not specify how many individuals were affected or which AI application was involved, the filing noted that, based on its language, it appears someone working for Community Bank may have uploaded customer data to an online AI chatbot, potentially exposing that information to the chatbot maker. The bank emphasized that it was unclear exactly what happened but confirmed the incident stemmed from the unauthorized AI tool.

In response, Community Bank said it is evaluating the customer data that was affected and is sending notifications in accordance with relevant laws. The bank’s chief executive, John Montgomery, did not immediately respond to requests for comment from TechCrunch. No further details about containment, remediation, or potential misuse of the data were provided in the disclosed materials.

Sources
Sources available to members
1 source