Cyber Incident Victim: Old Point National Bank
Date:
Sep 2022
Location:
United States of America
Summary
Old Point National Bank experienced a data breach when an unauthorized party accessed an employee's email account containing sensitive customer information, including names, driver's license details with photos, Social Security numbers, and bank account numbers with balances. The institution secured the compromised account, notified law enforcement, and engaged cybersecurity experts to investigate the incident before confirming unauthorized access to client data. Affected individuals received notification letters detailing the compromised information and potential risks of identity theft or fraud resulting from the breach.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The Old Point National Bank data breach originated from unauthorized access to an employee email account, with the cyberattack occurring around September 2, 2022. The bank discovered that an external party compromised the email credentials, gaining remote access to messages containing sensitive customer information. Upon detecting the intrusion, Old Point immediately disabled the affected email account to prevent further unauthorized activity. The institution reported the incident to law enforcement authorities and engaged cybersecurity specialists to conduct a forensic investigation. The probe confirmed that the attacker accessed names, driver's license numbers and associated photos, Social Security numbers, and bank account numbers with balances belonging to certain clients. These data elements collectively created significant identity theft and financial fraud risks for impacted individuals. The compromised information varied among victims based on what documents were present in the email account during the breach window. Old Point completed its internal review of affected files approximately two months after initial detection.
On November 9, 2022, Old Point formally reported the breach to the Montana Attorney General's office and initiated consumer notifications through individualized data breach letters. The correspondence detailed the specific categories of personal and financial information exposed in each recipient's case. The notification process followed the bank's determination of which customers had data accessible through the compromised email account. Founded in 1922 and headquartered in Hampton, Virginia, Old Point National Bank operates 19 branches across the Hampton Roads region with 273 employees and $51 million annual revenue. As a subsidiary of Old Point Financial Corporation, the institution provides banking services through the Allpoint ATM network alongside affiliated mortgage, wealth management, and insurance divisions. The breach investigation revealed no evidence of wider system compromise beyond the single email account intrusion. No public statements indicated whether the bank implemented additional security measures or faced regulatory penalties following the incident.