Cyber Incident Victim: Western Alliance Bank

Western Alliance Bank (WAB) experienced an external system breach involving hacking on October 12, 2024. The incident compromised the personal information of 21,899 individuals, including six Maine residents. The breach remained undetected until January 27, 2025, when WAB discovered unauthorized access to its systems. Affected data included names combined with other personal identifiers, though specific data elements beyond this combination were not detailed in the notification. The bank engaged legal representation through Polsinelli PC, with attorney Bruce Radke submitting the breach disclosure to Maine authorities. WAB initiated written notifications to all affected consumers on March 14, 2025, more than five months after the breach occurred and nearly seven weeks after its discovery. No prior breach notifications had been issued by the bank within the preceding 12-month period.

In response to the incident, Western Alliance Bank offered affected individuals 12 months of identity theft protection services through Experian IdentityWorks Credit 3B. The notification package included a PDF document titled "WAB_-_Adult_1_Year_CM.pdf" specifically addressing Maine residents. The delayed discovery timeline—spanning over three months between the breach occurrence and detection—indicates prolonged unauthorized access to sensitive consumer data. The breach impacted individuals across multiple jurisdictions, with Maine representing a small fraction of the total affected population. No information was disclosed regarding containment measures, forensic investigation methods, or potential attacker motivations. The bank's legal representative served as the primary point of contact for regulatory communications regarding the incident.