Cyber Incident Victim: Traditions Bank
Date:
Mar 2023
Location:
United States of America
Summary
Traditions Bank experienced a cybersecurity incident where an unauthorized party copied files from its systems, compromising customer data including personal identifiers, financial details, online banking credentials, and government-issued identification numbers. The bank initiated an investigation and subsequently notified affected individuals, offering complimentary identity theft protection for 24 months to mitigate potential risks arising from the breach.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 3, 2023, Traditions Bank discovered unauthorized access to its computer network, leading to the removal of files containing confidential customer information. The breach was confirmed when an internal investigation revealed that an unauthorized party had copied sensitive data from the bank's systems, prompting immediate action to assess the scope and impact. The investigation determined the exposed information included names, addresses, Social Security numbers, bank account numbers, loan numbers, debit card numbers, dates of birth, online banking usernames, and driver’s license numbers. Approximately six weeks after detection, on April 17, 2023, Traditions Bancorp—the bank’s holding company—formally notified the Massachusetts Attorney General’s Office through its Office of Consumer Affairs and Business Regulation about the incident. The bank identified affected individuals whose data was compromised and initiated notification procedures to alert them, underscoring the financial fraud risks associated with the exposed datasets.
Traditions Bank issued personalized data breach notification letters to all impacted customers on April 17, 2023, outlining the types of compromised information and advising affected parties to monitor their accounts for suspicious activity. As part of its remediation efforts, the bank offered 24 months of complimentary identity theft protection to mitigate potential harm. The incident impacted an undisclosed number of customers, with compromised data varying per individual but encompassing highly sensitive financial and personally identifiable information that could facilitate identity theft or fraud. Traditions Bank, headquartered in York, Pennsylvania, operates seven branches across Central Pennsylvania and employs over 100 staff, generating approximately $33 million in annual revenue. No operational disruptions or system downtime were disclosed in connection with the breach, which primarily affected the confidentiality of customer data rather than transactional systems. The bank concluded its proactive disclosure and mitigation steps without specifying whether law enforcement was engaged or if forensic analysis revealed the attack’s origin or methodology.