Reading Cooperative Bank

The Maine Office of the Attorney General disclosed a data breach at Reading Cooperative Bank, discovered on January 31, 2025, but originating from an external phishing incident on August 8, 2024. The breach compromised personally identifiable information (PII) of 24,041 individuals, including 89 Maine residents. The exposed data likely included sensitive personal details, though the exact nature (e.g., financial records, Social Security numbers, or contact information) was not explicitly outlined. The incident stemmed from a successful phishing attack, a common vector for unauthorized access, where threat actors deceived employees into divulging credentials or executing malicious payloads. While the bank took steps to mitigate the fallout such as notifying affected parties and coordinating with regulatory bodies the breach underscores vulnerabilities in employee awareness and email security protocols. The delayed detection (nearly five months between the breach and discovery) further exacerbates risks, as prolonged exposure increases the potential for fraud, identity theft, or secondary attacks. No ransomware was reported, but the scale and sensitivity of the leaked data suggest significant reputational and operational consequences for the bank.

Source: https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/9ea6cc74-3259-495c-88c6-4f7594256001.html

TPRM report: https://www.rankiteo.com/company/reading-co-operative-bank

"id": "rea955091725",
"linkid": "reading-co-operative-bank",
"type": "Breach",
"date": "8/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': 24041,
                        'industry': 'Banking',
                        'location': 'Massachusetts, USA (with impact on Maine '
                                    'residents)',
                        'name': 'Reading Cooperative Bank',
                        'type': 'Financial Institution'}],
 'attack_vector': 'Phishing',
 'data_breach': {'number_of_records_exposed': 24041,
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': 'Personally Identifiable '
                                             'Information (PII)'},
 'date_detected': '2025-01-31',
 'date_publicly_disclosed': '2025-02-24',
 'description': 'The Maine Office of the Attorney General reported a data '
                'breach involving Reading Cooperative Bank, discovered on '
                'January 31, 2025. The breach occurred on August 8, 2024, due '
                'to an external phishing incident impacting 24,041 '
                'individuals, including 89 Maine residents, with potentially '
                'compromised personally identifiable information (PII).',
 'impact': {'data_compromised': ['Personally Identifiable Information (PII)'],
            'identity_theft_risk': 'Potential'},
 'initial_access_broker': {'entry_point': 'Phishing'},
 'post_incident_analysis': {'root_causes': 'Phishing attack leading to '
                                           'unauthorized access'},
 'references': [{'date_accessed': '2025-02-24',
                 'source': 'Maine Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': ['Maine Office of the '
                                                        'Attorney General']},
 'response': {'communication_strategy': 'Public disclosure via Maine Office of '
                                        'the Attorney General'},
 'title': 'Data Breach at Reading Cooperative Bank',
 'type': 'Data Breach'}