Cyber Incident Victim: Bank of the West

In December 2013, Bank of the West discovered unauthorized access to a retired internet application system used for job listings and applicant submissions. The breach, identified on December 19, 2013, exposed personal information belonging to an undisclosed number of individuals who had applied for positions with the bank prior to that date. Compromised data included names, addresses, dates of birth, Social Security numbers, and driver's license numbers, along with usernames and passwords created by applicants to access the job portal. The bank confirmed the attackers targeted servers hosting this decommissioned application platform, though investigators found no conclusive evidence that personal information was actually exfiltrated. This incident potentially affected applicants across the bank's operations, which employed over 9,000 staff members nationwide at the time of disclosure.

Upon detecting the intrusion, Bank of the West immediately shut down and secured the compromised servers. The institution implemented additional security measures on its systems and launched an investigation involving law enforcement agencies, which remained ongoing as of February 2014. Beginning February 5, 2014, the bank initiated notifications to all individuals who had submitted job applications through the affected system before December 19, 2013. These notifications included offers for complimentary identity theft monitoring services valid for one year. Bank spokeswoman Debra Jack emphasized the notifications were precautionary, stating no definitive proof existed that attackers had successfully extracted sensitive data from the system. The bank coordinated its public disclosure with regulatory filings through the California Attorney General's office and media statements in early February 2014 to inform potentially impacted applicants about the breach and mitigation measures.