FirstBank

FirstBank experienced a data breach due to unauthorized access to an employee’s email account, discovered on February 9, 2021, though the incident occurred earlier on November 3, 2020. The breach exposed sensitive personal information, including financial account numbers, of 12,366 individuals. While the exact method of compromise was not detailed, the exposure of financial data poses significant risks such as identity theft and fraudulent transactions. In response, FirstBank offered affected individuals identity theft protection services, including credit monitoring and $1 million in identity theft insurance, to mitigate potential harm. The breach highlights vulnerabilities in email security protocols, particularly when employee accounts are targeted, leading to large-scale data exposure. The incident underscores the importance of robust cybersecurity measures, including multi-factor authentication and continuous monitoring, to prevent unauthorized access to sensitive systems.

Source: https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/2500ea41-e0c4-4791-af3f-8e751d2fdb4b.shtml

TPRM report: https://www.rankiteo.com/company/firstbankpr

"id": "fir749082025",
"linkid": "firstbankpr",
"type": "Breach",
"date": "11/2020",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': '12,366',
                        'industry': 'Banking',
                        'name': 'FirstBank',
                        'type': 'Financial Institution'}],
 'attack_vector': 'Unauthorized Access (Email Account Compromise)',
 'customer_advisories': ['Offered Identity Theft Protection Services (Credit '
                         'Monitoring, $1M Insurance)'],
 'data_breach': {'number_of_records_exposed': '12,366',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personal Information',
                                              'Financial Account Numbers']},
 'date_detected': '2021-02-09',
 'description': 'The Maine Office of the Attorney General reported that '
                'FirstBank experienced a data breach involving unauthorized '
                'access to an employee’s email account, discovered on February '
                '9, 2021. The breach, which occurred on November 3, 2020, '
                'affected 12,366 individuals, potentially compromising '
                'personal information including financial account numbers. '
                'Identity theft protection services, including credit '
                'monitoring and $1 million in identity theft insurance, were '
                'offered to those affected.',
 'impact': {'brand_reputation_impact': 'Potential Negative Impact (Identity '
                                       'Theft Risk)',
            'data_compromised': ['Personal Information',
                                 'Financial Account Numbers'],
            'identity_theft_risk': 'High (Offered Protection Services)',
            'payment_information_risk': 'Yes (Financial Account Numbers '
                                        'Compromised)',
            'systems_affected': ['Employee Email Account']},
 'initial_access_broker': {'entry_point': 'Employee Email Account'},
 'references': [{'source': 'Maine Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': ['Maine Office of the '
                                                        'Attorney General']},
 'response': {'remediation_measures': ['Offered Identity Theft Protection '
                                       'Services (Credit Monitoring, $1M '
                                       'Insurance)']},
 'title': 'FirstBank Email Account Data Breach',
 'type': 'Data Breach'}