California International Bank, N.A., a community-focused financial institution based in Westminster, California, suffered a data breach after an unauthorized individual accessed a single employee’s email account between September 11–12, 2024. The breach was discovered on September 12, 2024, but the bank only confirmed on August 29, 2025, that sensitive personal information including financial account details and Social Security numbers was exposed. The incident affected at least four Massachusetts residents, with notifications sent to the California and Massachusetts Attorneys General on September 19, 2025.The breach stemmed from a phishing scam targeting an employee’s email, leading to potential identity theft risks. In response, the bank offered complimentary credit monitoring (Experian IdentityWorks) and recommended affected individuals place fraud alerts, security freezes, and monitor financial statements. Legal investigations suggest victims may be eligible for compensation due to the exposure of highly sensitive data, with law firms like Shamis & Gentile P.A. pursuing class-action claims. The breach underscores vulnerabilities in small financial institutions, where limited employee oversight can result in significant data exposure.
Source: https://www.claimdepot.com/investigations/california-international-bank-data-breach-2025
TPRM report: https://www.rankiteo.com/company/calibankna
"id": "cal5894058100325",
"linkid": "calibankna",
"type": "Breach",
"date": "9/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'At least 4 (Massachusetts '
'residents confirmed; total '
'scope unclear)',
'industry': 'Financial Services',
'location': 'Westminster, California, USA',
'name': 'California International Bank, N.A.',
'size': 'Small (~10 employees)',
'type': 'Community Bank'}],
'attack_vector': 'Unauthorized Access (Email Account)',
'customer_advisories': 'Notices sent to affected individuals with steps for '
'protection (credit monitoring, fraud alerts, etc.)',
'data_breach': {'data_exfiltration': 'Likely (personal information in emails '
'accessed)',
'file_types_exposed': ['Emails'],
'number_of_records_exposed': 'At least 4 (exact total '
'undisclosed)',
'personally_identifiable_information': 'Yes (SSNs, financial '
'data)',
'sensitivity_of_data': 'High (PII including SSNs)',
'type_of_data_compromised': ['Financial account information',
'Social Security numbers']},
'date_detected': '2024-09-12',
'description': 'An unauthorized individual gained access to a single '
'employee’s email account at California International Bank, '
'N.A., potentially exposing sensitive personally identifiable '
'information (PII) including financial account details and '
'Social Security numbers. The breach was discovered on '
'September 12, 2024, with the unauthorized access occurring '
'between September 11–12, 2024. The bank confirmed the '
'exposure of personal information on August 29, 2025, and '
'reported the incident to the California and Massachusetts '
'Attorneys General on September 19, 2025. Four Massachusetts '
'residents were confirmed affected. The bank offered '
'complimentary credit monitoring and identity restoration '
'services via Experian IdentityWorks.',
'impact': {'brand_reputation_impact': 'Potential reputational harm due to '
'exposure of sensitive PII',
'data_compromised': ['Financial account information',
'Social Security numbers'],
'identity_theft_risk': 'High (due to exposure of SSNs and '
'financial data)',
'legal_liabilities': 'Potential lawsuits and compensation claims '
'for affected individuals',
'payment_information_risk': 'High (financial account information '
'exposed)',
'systems_affected': ['Employee email account']},
'initial_access_broker': {'entry_point': 'Employee email account'},
'investigation_status': 'Ongoing (class action investigation by Shamis & '
'Gentile P.A.)',
'recommendations': ['Enroll in complimentary credit monitoring (Experian '
'IdentityWorks)',
'Place a one-year fraud alert on credit files',
'Place a security freeze on credit files',
'Review free credit reports from major bureaus',
'Monitor financial accounts for suspicious activity',
'File a police report if suspicious activity is detected'],
'references': [{'source': 'Shamis & Gentile P.A. (Class Action '
'Investigation)'},
{'source': 'California International Bank, N.A. Breach Notice'},
{'source': 'Massachusetts Attorney General'}],
'regulatory_compliance': {'legal_actions': 'Potential lawsuits (class action '
'investigation by Shamis & Gentile '
'P.A.)',
'regulatory_notifications': 'Reported to California '
'and Massachusetts '
'Attorneys General '
'(2025-09-19)'},
'response': {'communication_strategy': 'Notices sent to affected individuals; '
'public advisory via law firm (Shamis '
'& Gentile P.A.)',
'incident_response_plan_activated': 'Yes (investigation '
'supported by external '
'cybersecurity '
'professionals)',
'recovery_measures': 'Complimentary credit monitoring and '
'identity restoration services (Experian '
'IdentityWorks)',
'third_party_assistance': 'Yes (external cybersecurity '
'professionals)'},
'stakeholder_advisories': 'Credit monitoring services offered; legal '
'advisories for affected individuals',
'threat_actor': 'Unauthorized Individual (Unknown)',
'title': 'California International Bank, N.A. Data Breach (2024)',
'type': 'Data Breach (Email Account Compromise)'}