On March 3, 2023, the California Office of the Attorney General disclosed a data breach involving Sterling Bank and Trust, stemming from an incident on January 26, 2023. The breach occurred when a FedEx courier service mishandled a package, resulting in physical damage and the loss of 1099 tax forms containing personal financial information. The compromised documents included sensitive financial details, though the exact number of affected individuals remains undisclosed. The incident highlights vulnerabilities in third-party logistics handling, where physical security lapses led to unintended data exposure. While no digital intrusion or malicious cyber activity was reported, the loss of tax-related financial records poses risks of identity theft, fraud, or unauthorized financial access for the impacted individuals. The bank has not confirmed whether the lost data was recovered or if affected parties were notified of potential misuse risks. The breach underscores the importance of secure document transportation protocols, especially for institutions handling high-sensitivity financial data.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-563870
TPRM report: https://www.rankiteo.com/company/sterling-bank-and-trust
"id": "ste030091825",
"linkid": "sterling-bank-and-trust",
"type": "Breach",
"date": "1/2023",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'customers_affected': 'Unknown',
'industry': 'Banking',
'location': 'California, USA',
'name': 'Sterling Bank and Trust',
'type': 'Financial Institution'},
{'industry': 'Transportation',
'location': 'USA',
'name': 'FedEx (Courier Service)',
'type': 'Logistics'}],
'data_breach': {'data_exfiltration': 'No (physical loss)',
'file_types_exposed': ['Paper documents (1099 forms)'],
'number_of_records_exposed': 'Unknown',
'personally_identifiable_information': 'Yes (likely included '
'in tax forms)',
'sensitivity_of_data': 'High (financial records)',
'type_of_data_compromised': ['Personal Financial Information '
'(1099 tax forms)']},
'date_detected': '2023-01-26',
'date_publicly_disclosed': '2023-03-03',
'description': 'On March 3, 2023, the California Office of the Attorney '
'General reported a data breach involving Sterling Bank and '
'Trust. The breach occurred on January 26, 2023, when a '
'courier service (FedEx) damaged a package containing 1099 tax '
'forms, leading to the loss of some files which contained '
'personal financial information. The number of individuals '
'affected is currently unknown.',
'impact': {'data_compromised': ['1099 tax forms (personal financial '
'information)'],
'identity_theft_risk': 'Potential (due to exposed personal '
'financial information)'},
'investigation_status': 'Ongoing (number of affected individuals unknown)',
'post_incident_analysis': {'root_causes': ['Physical mishandling of sensitive '
'documents by courier service']},
'references': [{'date_accessed': '2023-03-03',
'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulations_violated': ['Potential violation of '
'California Consumer '
'Privacy Act (CCPA) or '
'other state/federal data '
'protection laws'],
'regulatory_notifications': ['California Office of '
'the Attorney '
'General']},
'response': {'communication_strategy': 'Public disclosure via California '
'Office of the Attorney General'},
'title': 'Sterling Bank and Trust Data Breach via Damaged Courier Package',
'type': 'Data Breach (Physical Loss)'}