The California Office of the Attorney General disclosed a **data breach** at **Bank of the West** on **June 23, 2022**, stemming from an **ATM skimming incident** detected between **November 10, 2021, and April 18, 2022**. The breach involved unauthorized access to **card numbers, PINs, and personal information** of customers using compromised ATMs. While the exact number of affected individuals remains undisclosed, the incident exposed sensitive financial and personal data, posing risks of **fraudulent transactions, identity theft, and unauthorized account access**.The breach was likely executed through **physical tampering of ATMs**—a common tactic where criminals install skimming devices to capture card details and PINs. Although no explicit mention of large-scale financial losses or systemic disruptions was reported, the exposure of **payment card data and personal identifiers** suggests a direct threat to customers' financial security and privacy. The prolonged detection window (over **five months**) further exacerbates the potential for misuse of the stolen data before mitigation measures were implemented.This incident underscores vulnerabilities in **physical and digital payment infrastructure**, highlighting the need for enhanced monitoring, customer notifications, and fraud prevention protocols to mitigate post-breach risks.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-554547
TPRM report: https://www.rankiteo.com/company/bank-of-the-west
"id": "ban038090625",
"linkid": "bank-of-the-west",
"type": "Breach",
"date": "11/2021",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Unknown',
'industry': 'Banking',
'location': 'California, USA',
'name': 'Bank of the West',
'type': 'Financial Institution'}],
'attack_vector': 'Physical ATM Skimming Device',
'data_breach': {'data_exfiltration': 'Likely (via Skimming Device)',
'number_of_records_exposed': 'Unknown',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Card Numbers',
'PINs',
'Personal Information']},
'date_detected': '2022-04-18',
'date_publicly_disclosed': '2022-06-23',
'description': 'The California Office of the Attorney General reported a data '
'breach involving Bank of the West on June 23, 2022. The '
'breach involved an ATM skimming incident discovered between '
'November 10, 2021, and April 18, 2022, potentially '
'compromising card numbers, PINs, and personal information of '
'affected individuals, but the total number of individuals '
'affected is unknown.',
'impact': {'brand_reputation_impact': 'Potential Negative Impact '
'(Undisclosed)',
'data_compromised': ['Card Numbers',
'PINs',
'Personal Information'],
'identity_theft_risk': 'High (Potential)',
'payment_information_risk': 'High (Card Numbers and PINs '
'Compromised)',
'systems_affected': ['ATMs']},
'initial_access_broker': {'data_sold_on_dark_web': 'Possible (Undisclosed)',
'entry_point': 'Physical ATM Tampering',
'high_value_targets': 'Customer Payment Data'},
'investigation_status': 'Disclosed; Details Limited',
'motivation': 'Financial Gain (Likely)',
'post_incident_analysis': {'root_causes': 'Likely Physical Security Lapse at '
'ATMs'},
'references': [{'date_accessed': '2022-06-23',
'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'California Office of '
'the Attorney General'},
'response': {'communication_strategy': 'Public Disclosure via California '
'Office of the Attorney General'},
'title': 'Bank of the West ATM Skimming Incident',
'type': 'Data Breach (ATM Skimming)'}