Cyber Incident Victim: Bank Spółdzielczy w Zambrowie

On January 16, 2024, Bank Spółdzielczy w Zambrowie experienced a security incident that disrupted its banking operations. The bank identified system malfunctions, later confirmed to result from unauthorized encryption of customer data, rendering electronic banking services temporarily inaccessible. This data unavailability prevented customers from conducting payments or accessing funds in their accounts. The bank classified the event as a personal data breach under Article 34 of the GDPR, specifically noting the loss of data availability due to system compromise. Immediate containment measures involved securing IT infrastructure and initiating system restoration efforts. The bank notified Poland's Data Protection Authority (Prezes Urzędu Ochrony Danych Osobowych) about the breach and committed to informing affected customers once full service resumed. Contact details for the Management Board President (Zenona Zalewska) and Data Protection Officer (Jarosław Rudawski) were provided for inquiries.

Service impacts included prolonged outages across digital banking platforms, prompting the bank to restore partial operations through physical branches. Six locations reopened: Zambrów (Fabryczna 3 and Zamtex branches), Rutki-Kossaki, Kołaki Kościelne, Zawady, and Kobylin-Borzymy. Customers requiring password resets or card activations were directed to specific phone lines (453 011 258, 453 011 262) during business hours or alternative channels like the Kartosfera portal or BPS helpline (86 215 50 00). The bank assured customers their funds remained secure and emphasized its membership in the BPS Association's Protection System for operational support. No data exfiltration was disclosed, with the breach confined to encryption-induced unavailability. Restoration timelines were unspecified, though the bank pledged to prioritize full service recovery and implement preventive measures against future incidents.