Sound Community Bank, a Seattle-based community bank, recently disclosed a data breach that affected the personal information of more than 5,500 individuals. According to the notice, personally identifiable information (PII) of customers may have been exposed.
On Aug. 14, 2025, this vendor experienced a cybersecurity incident that led to unauthorized access of sensitive consumer data. After investigating the breach, the vendor notified Sound Community Bank on Oct. 27, 2025, that client information may have been compromised.
So far, the breach has impacted at least 5,503 people in Washington and four in Massachusetts, according to filings with the respective state attorney general offices. The exposed information includes names, Social Security numbers, full dates of birth, and financial account numbers. This data is considered personally identifiable information (PII) and is highly sensitive, as it can be used for identity theft or financial fraud.
Beginning on Oct. 29, 2025, the bank disclosed the cyber security breach to the Attorney General's offices in Massachusetts and Washington.
Sound Community Bank’s response
In response to the incident, Sound Community Bank has taken several steps to address the breach and protect its clients. The bank is actively working with the vendor to obtain additional information about the breach and is reviewing the vendor’s security practices. They have also notified law enforcement and engaged cybersecurity experts to assist with the i
Source: https://www.claimdepot.com/data-breach/sound-community-bank-2025
Sound Community Bank cybersecurity rating report: https://www.rankiteo.com/company/sound-community-bank
"id": "SOU1764872123",
"linkid": "sound-community-bank",
"type": "Breach",
"date": "8/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '5503 (Washington), '
'4 (Massachusetts)',
'industry': 'Financial Services',
'location': 'Seattle, Washington',
'name': 'Sound Community Bank',
'size': None,
'type': 'Bank'}],
'data_breach': {'data_encryption': None,
'data_exfiltration': None,
'file_types_exposed': None,
'number_of_records_exposed': '5507',
'personally_identifiable_information': 'Names, '
'Social '
'Security '
'numbers, '
'full '
'dates of '
'birth, '
'financial '
'account '
'numbers',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Personally '
'Identifiable '
'Information (PII)'},
'date_detected': '2025-08-14',
'date_publicly_disclosed': '2025-10-29',
'description': 'Sound Community Bank disclosed a data breach '
'affecting the personal information of more than '
'5,500 individuals after a vendor experienced a '
'cybersecurity incident leading to unauthorized '
'access of sensitive consumer data.',
'impact': {'brand_reputation_impact': None,
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': 'Personally identifiable '
'information (PII) including '
'names, Social Security numbers, '
'full dates of birth, and '
'financial account numbers',
'downtime': None,
'financial_loss': None,
'identity_theft_risk': 'High',
'legal_liabilities': None,
'operational_impact': None,
'payment_information_risk': 'High',
'revenue_loss': None,
'systems_affected': None},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': None,
'high_value_targets': None,
'reconnaissance_period': None},
'investigation_status': 'Ongoing',
'post_incident_analysis': {'corrective_actions': 'Reviewing '
'vendor’s '
'security '
'practices',
'root_causes': None},
'ransomware': {'data_encryption': None,
'data_exfiltration': None,
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': None},
'references': [{'date_accessed': None,
'source': 'State Attorney General filings',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': None,
'regulations_violated': None,
'regulatory_notifications': 'Yes '
'(Attorney '
'General '
'offices '
'in '
'Massachusetts '
'and '
'Washington)'},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': 'Notifications to '
'Attorney General offices '
'in Massachusetts and '
'Washington',
'containment_measures': None,
'enhanced_monitoring': None,
'incident_response_plan_activated': None,
'law_enforcement_notified': 'Yes',
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': None,
'third_party_assistance': 'Cybersecurity experts'},
'title': 'Sound Community Bank Data Breach',
'type': 'Data Breach'}