Summit State Bank

The California Office of the Attorney General disclosed a data breach at Summit State Bank on March 28, 2024, stemming from unauthorized access to an employee’s email account between October 16, 2023, and October 25, 2023. The incident exposed personal information of affected individuals, though the exact nature and scope of the compromised data (e.g., financial records, customer details, or employee records) were not explicitly detailed in the report. The breach highlights vulnerabilities in email security protocols, potentially enabling threat actors to exploit sensitive communications or attached documents. While the bank likely initiated containment measures such as securing the account, investigating the intrusion, and notifying regulators the incident underscores risks associated with phishing, credential theft, or insider negligence. The exposure of personal data could lead to downstream consequences, including identity theft, fraud, or reputational harm for both the bank and the impacted individuals. No evidence suggests ransomware or systemic disruption, but the breach’s focus on an employee email account suggests a targeted compromise of internal systems.

Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-583180

TPRM report: https://www.rankiteo.com/company/summit-bank-oakland

"id": "sum451082125",
"linkid": "summit-bank-oakland",
"type": "Breach",
"date": "10/2023",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"

{'affected_entities': [{'industry': 'Banking',
                        'location': 'California, USA',
                        'name': 'Summit State Bank',
                        'type': 'Financial Institution'}],
 'attack_vector': 'Unauthorized Access (Email Account Compromise)',
 'data_breach': {'data_exfiltration': 'Potential',
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personal Information']},
 'date_publicly_disclosed': '2024-03-28',
 'description': 'The California Office of the Attorney General reported a data '
                'breach involving Summit State Bank on March 28, 2024. The '
                'breach occurred due to unauthorized access to an employee '
                'email account between October 16, 2023, and October 25, 2023, '
                'potentially exposing personal information of affected '
                'individuals.',
 'impact': {'data_compromised': ['Personal Information'],
            'identity_theft_risk': 'Potential',
            'systems_affected': ['Employee Email Account']},
 'initial_access_broker': {'entry_point': 'Employee Email Account'},
 'references': [{'date_accessed': '2024-03-28',
                 'source': 'California Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': ['California Office of '
                                                        'the Attorney '
                                                        'General']},
 'title': 'Summit State Bank Data Breach via Unauthorized Email Access',
 'type': 'Data Breach'}

Summit State Bank

Pax8: Cloud marketplace Pax8 accidentally exposes data on 1,800 MSP partners

Kaiser Permanente: Kaiser Permanente reaches $46 million settlement over data breach — how to file your claim

Grubhub: Grubhub confirms hackers stole data in recent security breach