Bank3 Data Breach Exposes Sensitive Customer Information in 2025 Cyberattack
Shamis & Gentile P.A., a class action law firm specializing in data breach cases, is investigating a cybersecurity incident involving Bank3, a regional commercial bank headquartered in Memphis, Tennessee, with branches across West Tennessee and DeSoto County, Mississippi.
On August 20, 2025, Bank3 detected suspicious activity on its network and immediately secured its systems. A subsequent investigation, conducted with third-party forensic specialists, revealed that an unauthorized actor accessed the bank’s systems between July 25 and August 7, 2025, viewing or exfiltrating sensitive data.
The ransomware group Qilin claimed responsibility for the breach, posting details on the dark web on October 13, 2025. The group alleged it had stolen 149 GB of data, including personal and financial information for all clients, as well as internal financial records.
Bank3 completed its review of the compromised data and began notifying affected individuals via written notice on April 15, 2026. The exposed information included:
- Names
- Social Security numbers
- Dates of birth
- Driver’s license or state ID numbers
- Financial account and payment card details
- Taxpayer identification numbers
- Health insurance information
The bank also reported the incident to federal law enforcement and state regulators. Legal representatives are now evaluating potential compensation claims for impacted customers.
Source: https://www.claimdepot.com/investigations/bank3-data-breach-2026
Bank3 cybersecurity rating report: https://www.rankiteo.com/company/bank3memphis
"id": "BAN1776364185",
"linkid": "bank3memphis",
"type": "Ransomware",
"date": "7/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': 'All clients',
'industry': 'Banking/Financial Services',
'location': 'Memphis, Tennessee, USA; West Tennessee '
'and DeSoto County, Mississippi, USA',
'name': 'Bank3',
'type': 'Commercial Bank'}],
'customer_advisories': 'Written notice sent to affected individuals on April '
'15, 2026',
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': ['Names',
'Social Security '
'numbers',
'Dates of birth',
'Driver’s license or '
'state ID numbers',
'Taxpayer '
'identification '
'numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Information',
'Financial Information',
'Health Insurance Information']},
'date_detected': '2025-08-20',
'date_publicly_disclosed': '2025-10-13',
'description': 'Bank3, a regional commercial bank, experienced a '
'cybersecurity incident where an unauthorized actor accessed '
'its systems between July 25 and August 7, 2025, viewing or '
'exfiltrating sensitive data. The ransomware group Qilin '
'claimed responsibility and alleged the theft of 149 GB of '
'data, including personal and financial information for all '
'clients and internal financial records.',
'impact': {'data_compromised': '149 GB of data',
'identity_theft_risk': 'High',
'payment_information_risk': 'High'},
'investigation_status': 'Ongoing',
'ransomware': {'data_exfiltration': 'Yes', 'ransomware_strain': 'Qilin'},
'references': [{'source': 'Shamis & Gentile P.A.'}],
'regulatory_compliance': {'legal_actions': 'Potential compensation claims '
'being evaluated',
'regulatory_notifications': 'Reported to federal '
'law enforcement and '
'state regulators'},
'response': {'communication_strategy': 'Written notice to affected '
'individuals on April 15, 2026',
'containment_measures': 'Secured systems immediately upon '
'detection',
'incident_response_plan_activated': 'Yes',
'law_enforcement_notified': 'Federal law enforcement and state '
'regulators',
'third_party_assistance': 'Forensic specialists'},
'threat_actor': 'Qilin',
'title': 'Bank3 Data Breach Exposes Sensitive Customer Information in 2025 '
'Cyberattack',
'type': 'Data Breach, Ransomware'}