M&T Bank and Gelinas & Ward LLP: M&T Bank Data Breach: Sensitive Personal Information Exposed

M&T Bank Discloses Third-Party Data Breach Affecting Customer Information

M&T Bank, a regional financial institution serving over 3.6 million customers across 12 states and Washington, D.C., recently revealed a data breach stemming from a security incident at third-party law firm Gelinas & Ward LLP. The breach, which occurred in August 2025, exposed sensitive customer data, including Social Security numbers, financial account details, credit/debit card numbers, and driver’s license numbers.

The bank confirmed that the breach originated entirely within the law firm’s systems, with no compromise of M&T Bank’s internal infrastructure. Upon discovering the incident, M&T Bank launched a review in collaboration with Gelinas & Ward to assess the scope and determine the affected data.

While 462 Massachusetts residents were initially identified as impacted prompting a report to the Massachusetts Office of Consumer Affairs and Business Regulation the total number of affected individuals nationwide remains undisclosed. Notification letters were sent to impacted customers on April 17, 2026.

In response, M&T Bank is offering 24 months of complimentary credit monitoring through Equifax Complete Premier, including three-bureau monitoring, identity theft insurance, and fraud detection tools. Affected customers can enroll using a unique activation code provided in their notification letter, valid for 90 days. Gelinas & Ward is separately providing TransUnion-based credit monitoring and identity restoration services to those affected.

For inquiries, M&T Bank has established a dedicated helpline (1-800-724-2440), while Gelinas & Ward can be contacted by mail at 106 Merriam Ave., Leominster, MA 01453.

Source: https://www.claimdepot.com/data-breach/mt-bank-2026

M&T Bank TPRM report: https://www.rankiteo.com/company/m&t-bank

Gelinas & Ward LLP TPRM report: https://www.rankiteo.com/company/law-offices-of-gelinas-and-ward

"id": "m&tlaw1776869766",
"linkid": "m&t-bank, law-offices-of-gelinas-and-ward",
"type": "Breach",
"date": "8/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': 'Undisclosed (462 Massachusetts '
                                              'residents confirmed)',
                        'industry': 'Banking',
                        'location': '12 states and Washington, D.C., USA',
                        'name': 'M&T Bank',
                        'size': '3.6 million customers',
                        'type': 'Financial Institution'},
                       {'customers_affected': 'Undisclosed (462 Massachusetts '
                                              'residents confirmed)',
                        'industry': 'Legal Services',
                        'location': 'Leominster, MA, USA',
                        'name': 'Gelinas & Ward LLP',
                        'type': 'Law Firm'}],
 'attack_vector': 'Third-Party Compromise',
 'customer_advisories': 'Notification letters sent on April 17, 2026; credit '
                        'monitoring services offered',
 'data_breach': {'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Social Security numbers',
                                              'Financial account details',
                                              'Credit/debit card numbers',
                                              'Driver’s license numbers']},
 'date_detected': '2025-08',
 'date_publicly_disclosed': '2026-04-17',
 'description': 'M&T Bank disclosed a data breach stemming from a security '
                'incident at third-party law firm Gelinas & Ward LLP, exposing '
                'sensitive customer data including Social Security numbers, '
                'financial account details, credit/debit card numbers, and '
                'driver’s license numbers.',
 'impact': {'data_compromised': 'Social Security numbers, financial account '
                                'details, credit/debit card numbers, driver’s '
                                'license numbers',
            'identity_theft_risk': 'High',
            'payment_information_risk': 'High',
            'systems_affected': 'Gelinas & Ward LLP systems'},
 'investigation_status': 'Ongoing',
 'post_incident_analysis': {'root_causes': 'Third-party law firm security '
                                           'incident'},
 'references': [{'source': 'M&T Bank Disclosure'}],
 'regulatory_compliance': {'regulatory_notifications': 'Reported to '
                                                       'Massachusetts Office '
                                                       'of Consumer Affairs '
                                                       'and Business '
                                                       'Regulation'},
 'response': {'communication_strategy': 'Notification letters sent to impacted '
                                        'customers, dedicated helpline '
                                        'established',
              'incident_response_plan_activated': 'Yes',
              'recovery_measures': 'Credit monitoring services offered to '
                                   'affected customers',
              'remediation_measures': 'Collaborative review with Gelinas & '
                                      'Ward to assess scope'},
 'title': 'M&T Bank Third-Party Data Breach Affecting Customer Information',
 'type': 'Data Breach'}

M&T Bank and Gelinas & Ward LLP: M&T Bank Data Breach: Sensitive Personal Information Exposed

Nisos: Security Breach: Rayn Lasalle

PyTorch Lightning and Anthropic: PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Delta Dental: Delta Dental agrees to pay $2.25m to resolve New York allegations over data breach