On September 11, 2024, Merchants Bank suffered a data breach due to unauthorized access to an employee’s email account, compromising the personal information of 6,113 individuals. The breach exposed sensitive data, though the exact nature of the leaked information (e.g., financial records, personally identifiable details) was not explicitly detailed in the report. In response, the bank mitigated risks by offering 12 months of Experian Identity Theft and Credit Monitoring Services to affected individuals, aiming to prevent potential fraud or identity theft.The incident highlights vulnerabilities in email security protocols, as threat actors exploited an employee account to gain access. While the bank took corrective measures, the breach underscores the broader risks of phishing or credential theft leading to unauthorized data exposure. The impact primarily revolves around customer data integrity, with potential long-term consequences such as reputational damage, regulatory scrutiny, or financial fraud for the victims. The bank’s proactive offering of credit monitoring suggests the leaked data could enable identity theft or financial crimes, though no immediate large-scale fraud was reported at the time of disclosure.
TPRM report: https://www.rankiteo.com/company/farmers-merchants-bank
"id": "far039091825",
"linkid": "farmers-merchants-bank",
"type": "Breach",
"date": "9/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 6113,
'industry': 'Banking',
'location': 'Maine, USA',
'name': 'Merchants Bank',
'type': 'Financial Institution'}],
'attack_vector': 'Unauthorized Access (Employee Email Account)',
'customer_advisories': '12 months of Experian Identity Theft and Credit '
'Monitoring Services offered to affected individuals',
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': 6113,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (PII)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)']},
'date_detected': '2024-09-11',
'date_publicly_disclosed': '2024-09-11',
'description': 'The Maine Office of the Attorney General reported that '
'Merchants Bank experienced a data breach on September 11, '
'2024, involving unauthorized access to an employee email '
'account, which affected 6,113 individuals. In response, they '
'offered 12 months of Experian Identity Theft and Credit '
'Monitoring Services.',
'impact': {'brand_reputation_impact': 'Potential (due to data breach '
'disclosure)',
'data_compromised': True,
'identity_theft_risk': True,
'systems_affected': ['Employee Email Account']},
'initial_access_broker': {'entry_point': 'Employee Email Account'},
'references': [{'date_accessed': '2024-09-11',
'source': 'Maine Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': ['Maine Office of the '
'Attorney General']},
'response': {'communication_strategy': 'Public disclosure via Maine Office of '
'the Attorney General; offer of 12 '
'months of credit monitoring to '
'affected individuals',
'incident_response_plan_activated': True,
'third_party_assistance': ['Experian (Identity Theft and Credit '
'Monitoring Services)']},
'title': 'Merchants Bank Data Breach via Unauthorized Email Access',
'type': 'Data Breach'}