Community Bank Data Breach Exposes Sensitive Customer Information via Unauthorized AI Software

Severity: High (Score: 65.2)

Sources: Techcrunch, Theregister, Classaction

Summary

Community Bank has reported a data breach involving the unauthorized use of AI software that exposed sensitive customer information, including names, Social Security numbers, and dates of birth. The breach was disclosed in an 8-K filing with the SEC on May 7, 2026, after the bank detected the exposure on May 5. The unauthorized AI application was not specified, but it raises concerns about potential third-party data access. Community Bank is currently investigating the incident and notifying affected customers as required by law. The breach affects customers in southwestern Pennsylvania, southeastern Ohio, and northwestern West Virginia. Legal representatives are exploring the possibility of a class action lawsuit for those impacted. No operational impact on banking services was reported, and the bank is committed to enhancing data protection measures. Key Points: • Community Bank disclosed a data breach involving unauthorized AI software on May 7, 2026. • Sensitive customer data, including Social Security numbers, was exposed, affecting customers in three states. • Legal investigations are underway for a potential class action lawsuit for affected individuals.

Key Entities

• Data Breach (attack_type)
• CB Financial Services (company)
• Community Bank (company)
• CWE-200 - Exposure of Sensitive Information (cwe)
• classaction.org (domain)
• Financial (industry)
• T1567 - Exfiltration Over Web Service (mitre_attack)