Cyber Incident Victim: Bank of Oak Ridge
Date: Apr 2021
Location: United States of America
Summary
A cybersecurity incident at Bank of Oak Ridge allowed unauthorized actors to access systems and potentially view sensitive customer information, including Social Security numbers, bank account details, driver’s license numbers, and dates of birth. The breach primarily affected longtime account holders, prompting the institution to close all branches temporarily while investigating with external experts. Customers received notification months later, with the bank offering complimentary identity theft protection services. Initial public reports referenced system outages without disclosing the data compromise. The incident, which caused service disruptions, was later confirmed as a significant security event involving historical customer records.
Description
On April 26-27, 2021, unauthorized actors accessed Bank of Oak Ridge’s computer systems, causing a cybersecurity incident that disrupted banking services and led to a two-day closure of all branches. Customers attempting transactions during this period were informed systems were offline, with initial public reports citing unspecified “computer troubles” rather than disclosing the breach. The attackers potentially viewed historical customer data containing highly sensitive personal information, including full names, Social Security numbers, bank account numbers, dates of birth, and driver’s license numbers. Impacted individuals were primarily long-term customers who had opened accounts before September 30, 2009. The bank initiated an investigation with external cybersecurity assistance immediately upon detecting the incident to determine its nature and scope, confirming unauthorized access to systems containing customer data.

Bank officials notified affected customers via letters dated July 9, 2021, over two months after the breach, disclosing the potential compromise of their information. The delayed notification aligned with the investigation’s timeline to verify impacted individuals and data types. No precise figures regarding affected customers were publicly released, though the breach’s scope appeared limited to pre-September 2009 account holders. In response, the bank offered complimentary identity theft protection services to concerned customers and engaged directly with them to address security concerns. The incident highlighted operational vulnerabilities through its service disruptions and exposed systemic risks in legacy customer data retention practices.
