BOK Financial reported a data breach involving its third-party service provider, Linedata Services Inc., which experienced a cybersecurity incident on August 11, 2025. The breach was detected when an unauthorized third party potentially accessed sensitive personal information stored in Linedata’s systems. BOK Financial initiated an investigation upon notification (August 12, 2025) and confirmed that exposed data may include names and Social Security numbers of affected individuals. By November 21, 2025, BOK Financial began notifying impacted individuals via mail, offering 12 months of complimentary credit monitoring as a remedial measure. The breach notice, filed with the Maine Attorney General, indicated that the compromised data varied per individual but included highly sensitive personally identifiable information (PII). The incident highlights risks associated with third-party vendor vulnerabilities and the potential for large-scale exposure of customer data, though the full scope of misuse (e.g., fraud or identity theft) remains undetermined as of the notification.
Source: https://straussborrelli.com/2025/11/25/bok-financial-data-breach-investigation-2/
BOK Financial cybersecurity rating report: https://www.rankiteo.com/company/bok-financial
"id": "BOK4835648112625",
"linkid": "bok-financial",
"type": "Breach",
"date": "5/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Banking/Financial',
'location': 'United States (primarily Oklahoma, with '
'nationwide operations)',
'name': 'BOK Financial',
'type': 'Financial Services'},
{'industry': 'Financial Technology',
'name': 'Linedata Services Inc.',
'type': 'Third-Party Service Provider'}],
'customer_advisories': 'Notification letters mailed to affected individuals '
'with details on impacted data and credit monitoring '
'services',
'data_breach': {'data_exfiltration': 'Potential unauthorized access confirmed',
'personally_identifiable_information': ['Name',
'Social Security '
'number'],
'sensitivity_of_data': 'High (includes Social Security '
'numbers)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)']},
'date_detected': '2025-08-11',
'date_publicly_disclosed': '2025-11-21',
'description': 'BOK Financial reported a data breach where sensitive personal '
'identifiable information (PII) in its care may have been '
'compromised due to a cybersecurity incident at its '
'third-party service provider, Linedata Services Inc. The '
'breach was detected on August 11, 2025, and BOK Financial was '
'notified on August 12, 2025. An investigation confirmed that '
'unauthorized access may have occurred, exposing PII such as '
'names and Social Security numbers. Affected individuals were '
'notified starting November 21, 2025, and offered 12 months of '
'complimentary credit monitoring services.',
'impact': {'brand_reputation_impact': 'Potential negative impact due to '
'exposure of sensitive PII',
'data_compromised': ['Name', 'Social Security number'],
'identity_theft_risk': 'High (due to exposure of SSNs)'},
'investigation_status': 'Completed (as of November 2025, notifications sent)',
'references': [{'source': 'Attorney General of Maine - Data Breach '
'Notification'}],
'regulatory_compliance': {'regulatory_notifications': 'Notified the Attorney '
'General of Maine'},
'response': {'communication_strategy': 'Mailed data breach notification '
'letters to impacted individuals '
'(starting November 21, 2025) and '
'filed notices with the Attorney '
'General of Maine',
'incident_response_plan_activated': True,
'recovery_measures': 'Offered 12 months of complimentary credit '
'monitoring services to affected '
'individuals',
'third_party_assistance': True},
'title': 'BOK Financial Data Breach via Linedata Services Inc.',
'type': ['Data Breach', 'Third-Party Breach']}