First National Bank of Clarksdale, a Mississippi-based community bank, suffered a targeted cyberattack between June 4–5, 2025, where an unauthorized actor infiltrated its network and exfiltrated files containing sensitive customer data. A forensic review confirmed the breach on September 8, 2025, revealing that compromised information included names, Social Security numbers, and financial account numbers high-risk personally identifiable information (PII) with potential for identity theft, fraud, or financial exploitation. Affected individuals were notified via mail on September 24, 2025, and the incident was reported to regulatory bodies, including the Maine and Massachusetts Attorney Generals’ offices. The breach exposed customers to long-term risks, including unauthorized account access, credit fraud, and phishing attacks. In response, the bank offered 12 months of free identity monitoring (Epiq Privacy Solutions) and advised victims to implement fraud alerts, monitor financial statements, and seek legal recourse. Class-action law firm Shamis & Gentile P.A. is investigating potential compensation claims for damages, including out-of-pocket expenses, time spent mitigating harm, and emotional distress. The incident underscores vulnerabilities in financial sector cybersecurity, particularly for regional institutions handling high-value PII.
Source: https://www.claimdepot.com/investigations/first-national-bank-of-clarksdale-data-breach-2025
TPRM report: https://www.rankiteo.com/company/mississippi-bankers-association
"id": "mis3093230092525",
"linkid": "mississippi-bankers-association",
"type": "Breach",
"date": "6/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Financial Services',
'location': 'Clarksdale, Mississippi, USA (with '
'branches in Oxford, Mississippi as Bank '
'of Oxford)',
'name': 'First National Bank of Clarksdale',
'type': 'Community Bank'}],
'customer_advisories': ['Notification letters mailed on 2025-09-24.',
'Offer of 12 months of free identity monitoring via '
'Epiq Privacy Solutions ID.',
'Recommendations to place fraud alerts and monitor '
'credit reports.'],
'data_breach': {'data_exfiltration': 'Yes (files containing account '
'information were obtained)',
'personally_identifiable_information': ['Name',
'Social Security '
'number'],
'sensitivity_of_data': 'High (includes SSNs and financial '
'account numbers)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Financial Data']},
'date_detected': '2025-09-08',
'date_publicly_disclosed': '2025-09-24',
'description': 'First National Bank of Clarksdale experienced a data breach '
"where a cybercriminal accessed the bank's computer network "
'between June 4 and June 5, 2025, and obtained files '
'containing sensitive customer information, including names, '
'Social Security numbers, and financial account numbers. The '
'breach was discovered on September 8, 2025, and affected '
'individuals were notified by mail on September 24, 2025.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'exposure of sensitive customer data',
'data_compromised': ['Name',
'Social Security number',
'Financial account number'],
'identity_theft_risk': 'High (due to exposure of PII and financial '
'data)',
'legal_liabilities': 'Potential lawsuits and compensation claims '
'for affected individuals',
'payment_information_risk': 'High (financial account numbers '
'exposed)',
'systems_affected': ['Computer network']},
'initial_access_broker': {'high_value_targets': ['Customer account '
'information']},
'investigation_status': 'Ongoing (class-action investigation by Shamis & '
'Gentile P.A.)',
'post_incident_analysis': {'corrective_actions': ['Provided identity '
'monitoring services to '
'affected customers',
'Notified regulatory '
'authorities']},
'ransomware': {'data_exfiltration': 'Yes'},
'recommendations': ['Enroll in the 12 free months of Epiq Privacy Solutions '
'ID identity monitoring services provided by the bank.',
'Monitor financial statements regularly for suspicious '
'activity or unauthorized transactions.',
'Place a fraud alert on credit reports to prevent '
'unauthorized account openings.',
'Request free annual credit reports from major credit '
'bureaus.',
'Seek legal assistance if affected to pursue compensation '
'for damages.'],
'references': [{'source': 'Shamis & Gentile P.A. Investigation Announcement'},
{'source': 'First National Bank of Clarksdale Customer '
'Notification (Mail, 2025-09-24)'},
{'source': "Maine Attorney General's Office Breach Report"},
{'source': "Massachusetts Attorney General's Office Breach "
'Report'}],
'regulatory_compliance': {'legal_actions': 'Potential class-action lawsuits '
'(investigation ongoing by Shamis '
'& Gentile P.A.)',
'regulatory_notifications': ['Maine Attorney '
"General's Office",
'Massachusetts '
"Attorney General's "
'Office']},
'response': {'communication_strategy': ['Direct mail notifications to '
'affected customers',
'Public disclosure via legal '
'investigation announcements'],
'incident_response_plan_activated': 'Yes (review conducted after '
'unauthorized access '
'detected)',
'recovery_measures': ['Offered 12 months of free identity '
'monitoring via Epiq Privacy Solutions ID'],
'remediation_measures': ['Notification to affected individuals '
'(mail sent on 2025-09-24)',
'Reporting to Maine and Massachusetts '
"Attorney Generals' offices"]},
'stakeholder_advisories': 'Affected individuals advised to enroll in identity '
'monitoring and monitor financial accounts.',
'threat_actor': 'Cybercriminal (unknown)',
'title': 'First National Bank of Clarksdale Data Breach (2025)',
'type': 'Data Breach'}