Cyber Incident Victim: Frost Bank
Date: Apr 2026
Location: United States of America
Summary
Frost Bank suffered a breach after attackers exploited a shared third‑party vendor, deploying Everest ransomware to exfiltrate personal and tax data. The compromised information included names, addresses, Social Security numbers, taxpayer identification numbers, mortgage interest records, W‑2 forms, 1099s and HSA contributions, affecting over 250,000 individuals. The incident prompted class‑action lawsuits and highlighted the bank’s reliance on the vendor’s security posture.
Description
On April 20, 2026, the Everest ransomware group posted both Citizens Financial and Frost Bank on its dark web leak site. The leak indicated a shared document-production data compromise, pointing to a single third-party vendor. Both banks confirmed that the breach originated at an unnamed third-party vendor, not their internal networks. The attack vector was Everest ransomware delivered via that vendor. The incident occurred on the same day for both institutions.

Frost Bank reported that over 250,000 Social Security numbers and taxpayer identification numbers were compromised. The exposed data included names, addresses, Social Security numbers, taxpayer identification numbers, mortgage interest records, W-2 forms, 1099 forms, and HSA contributions. The scale was smaller than Citizens Financial’s claimed 3.4 million records but still significant. The breach was documented in the Massachusetts Attorney General Data Breach Notification.

Following the disclosure, class action lawsuits were filed against Frost Bank within days. The bank acknowledged the breach and confirmed its origin at the shared vendor. No further details about containment or remediation are provided in the source material. The incident contributed to the broader trend of supply-chain compromises observed in April 2026.
