Cyber Incident Victim: Community Development Bank
Date: Feb 2020
Location: United States of America
Summary
Community Development Bank was targeted in a ransomware attack by the DoppelPaymer group, which claimed to have exfiltrated sensitive customer data, including personal and financial information, and leaked it to pressure the organization. The bank's parent entity, TBK Bank, firmly denied the breach, asserting that internal and third-party investigations found no evidence of compromise and disavowing the leaked documents as unrelated. Attackers initially misidentified the victim as CD Bank before correcting their claim, while continued data dumps by the group conflicted with the bank's statements, leaving the incident's validity unresolved amid contradictory evidence.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 2 techniques |

| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On or around February 27, 2020, attackers associated with the DoppelPaymer ransomware group targeted Community Development Bank, an online division of Texas-based TBK Bank, SSB. The attackers employed a pressure tactic by publicly leaking portions of the bank’s data daily after the initial compromise, accelerating their threat of full exposure. DataBreaches.net first observed the incident when DoppelPaymer operators listed CD Bank as a victim on their leak site and began publishing files containing customer financial information. These files included unredacted account numbers and customer names, indicating the theft of sensitive personal and financial data. The attackers’ initial attribution to "CD Bank" was later corrected to Community Development Bank following further investigation by DataBreaches.net.

Community Development Bank did not respond to multiple inquiries from DataBreaches.net sent on February 27 and 28 regarding the alleged breach. On March 1, Amanda Tavackoli, SVP of Communications for TBK Bank, issued a statement denying any compromise of CD Bank or its related entities, asserting that a review by their Information Security team and core provider found no evidence of a breach. The bank dismissed the attackers’ claims, stating the leaked documents were unrelated to CD Bank. Despite this denial, DoppelPaymer operators continued to publish additional files containing customer data, escalating their pressure campaign. The incident created public uncertainty due to the discrepancy between the attackers’ persistent data leaks and the bank’s firm rebuttal. DataBreaches.net noted the unresolved nature of the claims but did not independently verify the extent of data exposure or operational impact on the bank.
