BNY Mellon Discloses Data Breach Affecting Employee Profit Sharing Plan Participants
BNY Mellon National Association, a nationally chartered bank and affiliate of The Bank of New York Mellon Corp., reported a data breach impacting participants in its employee Profit Sharing Plan (PSP). The breach was disclosed to the Massachusetts Office of Consumer Affairs and Business Regulation, with 15 Massachusetts residents confirmed as affected.
The incident was detected on March 10, 2026, and notification letters were sent to impacted individuals beginning April 1, 2026. The breach involved unauthorized access to an internal system used to manage the PSP, which contained sensitive personal and financial data. While BNY Mellon’s investigation found no evidence of data modification by the threat actor, it could not confirm whether the information was viewed.
Potentially exposed data includes names, Social Security numbers, home addresses, bank account and routing numbers, and PSP payment details.
In response, BNY Mellon is offering 24 months of free identity theft protection through IDX, including credit monitoring, CyberScan monitoring, PII removal, a $1 million insurance reimbursement policy, and identity recovery services. Affected individuals must enroll by October 1, 2026, using a unique code provided in their notification letters. Support is available via a dedicated phone line at 1-800-418-0273.
Source: https://www.claimdepot.com/data-breach/bny-mellon-2026
BNY cybersecurity rating report: https://www.rankiteo.com/company/bnyglobal
"id": "BNY1776199205",
"linkid": "bnyglobal",
"type": "Breach",
"date": "3/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '15 (confirmed in '
'Massachusetts), likely more '
'nationwide',
'industry': 'Financial Services',
'location': 'United States',
'name': 'BNY Mellon National Association',
'type': 'Bank'}],
'attack_vector': 'Unauthorized Access',
'customer_advisories': 'Notification letters sent with instructions for '
'enrolling in identity theft protection services. '
'Support available via 1-800-418-0273.',
'data_breach': {'personally_identifiable_information': 'Names, Social '
'Security numbers, '
'home addresses, bank '
'account and routing '
'numbers',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Personal and financial data'},
'date_detected': '2026-03-10',
'date_publicly_disclosed': '2026-04-01',
'description': 'BNY Mellon National Association reported a data breach '
'impacting participants in its employee Profit Sharing Plan '
'(PSP). The breach involved unauthorized access to an internal '
'system used to manage the PSP, which contained sensitive '
'personal and financial data. Potentially exposed data '
'includes names, Social Security numbers, home addresses, bank '
'account and routing numbers, and PSP payment details.',
'impact': {'data_compromised': 'Names, Social Security numbers, home '
'addresses, bank account and routing numbers, '
'PSP payment details',
'identity_theft_risk': 'High',
'payment_information_risk': 'High',
'systems_affected': 'Internal system used to manage the Profit '
'Sharing Plan (PSP)'},
'investigation_status': 'Ongoing (no evidence of data modification, but could '
'not confirm if data was viewed)',
'recommendations': 'Affected individuals should enroll in the offered '
'identity theft protection services by October 1, 2026.',
'references': [{'source': 'Massachusetts Office of Consumer Affairs and '
'Business Regulation'}],
'regulatory_compliance': {'regulatory_notifications': 'Disclosed to the '
'Massachusetts Office '
'of Consumer Affairs '
'and Business '
'Regulation'},
'response': {'communication_strategy': 'Notification letters sent to affected '
'individuals',
'third_party_assistance': 'IDX (identity theft protection '
'services)'},
'title': 'BNY Mellon Discloses Data Breach Affecting Employee Profit Sharing '
'Plan Participants',
'type': 'Data Breach'}