Cyber Incident Victim: Eagle Bank
Date:
Nov 2022
Location:
United States of America
Summary
Eagle Bank reported a data breach involving unauthorized access to its computer network, compromising sensitive customer information including names, Social Security numbers, financial account details, and driver’s license numbers. The incident impacted at least 476 individuals in Massachusetts, with notification letters sent to affected parties confirming the exposure of their personal data. The breach originated from the bank’s own systems rather than a third-party provider.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On November 8, 2022, Eagle Bank filed a data breach notification with the Massachusetts Attorney General’s Office following unauthorized access to its computer network. The breach exposed sensitive consumer information entrusted to the bank, specifically compromising customer names, Social Security numbers, financial account numbers, and driver’s license numbers. Eagle Bank confirmed the incident originated from its own network infrastructure rather than a third-party system, though technical details regarding the intrusion method or attacker identity were not disclosed in regulatory filings. The bank initiated consumer notifications on the same date as its Attorney General submission, mailing data breach letters to all affected individuals whose data was confirmed as compromised. These letters outlined the nature of the incident and recommended protective measures against identity theft and fraud. Massachusetts authorities reported at least 476 state residents were impacted, though Eagle Bank did not publicly disclose the total number of affected customers across its operational footprint.
The compromised data types carried significant fraud risks due to their completeness for identity verification purposes. Established in 1889 and headquartered in Peabody, Massachusetts, Eagle Bank operates five branches and a loan center, providing personal, business, and mortgage services. Its breach notification to Massachusetts constituted the primary public documentation of the incident’s scope and origin. No information was released regarding the breach’s discovery timeline, containment procedures, or forensic investigation methodology. Affected customers received confirmation that their Social Security numbers and bank account details were among the exposed records, elevating their susceptibility to financial crimes. The Attorney General’s filing confirmed the bank fulfilled its statutory notification obligations but did not assess the adequacy of Eagle Bank’s security protocols or data handling practices prior to the breach.