The Maine Attorney General's Office disclosed a data breach at TBK Bank on March 16, 2022, stemming from unauthorized access to an employee’s email account between December 1-6, 2021. The incident exposed the personal information of three Maine residents, including names and Social Security numbers (SSNs) highly sensitive data that could facilitate identity theft or financial fraud. While the breach was limited in scope (affecting only three individuals), the nature of the compromised data (SSNs) elevates the risk of long-term harm, such as credit fraud or unauthorized account openings.TBK Bank responded by offering complimentary credit monitoring to the affected individuals, a standard remedial measure for breaches involving personally identifiable information (PII). The attack vector compromised employee email credentials suggests a likely phishing or credential-stuffing attack, though the exact method was not specified. The delayed disclosure (nearly three months after the breach) may also raise concerns about incident response timeliness, though regulatory requirements for notification vary by jurisdiction.While the breach did not result in confirmed misuse of the data, the exposure of SSNs alone warrants significant concern due to their permanent association with individuals’ financial and governmental records.
TPRM report: https://www.rankiteo.com/company/tbk-bank
"id": "tbk954091725",
"linkid": "tbk-bank",
"type": "Breach",
"date": "12/2021",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': 3,
'industry': 'Banking',
'location': 'United States (affecting Maine residents)',
'name': 'TBK Bank',
'type': 'Financial Institution'}],
'attack_vector': 'Compromised Email Account',
'customer_advisories': ['Complimentary credit monitoring offered to affected '
'individuals'],
'data_breach': {'data_exfiltration': 'Potential (unauthorized access to '
'email)',
'file_types_exposed': ['Email content (potential '
'attachments)'],
'number_of_records_exposed': 3,
'personally_identifiable_information': ['Names',
'Social Security '
'Numbers'],
'sensitivity_of_data': 'High (includes SSNs)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)']},
'date_publicly_disclosed': '2022-03-16',
'description': "The Maine Attorney General's Office reported a data breach "
'involving TBK Bank on March 16, 2022. The breach involved '
"unauthorized access to an employee's email account between "
'December 1-6, 2021, potentially affecting the personal '
'information of three Maine residents, including names and '
'Social Security numbers. TBK Bank is offering complimentary '
'credit monitoring to the affected individuals.',
'impact': {'data_compromised': ['Names', 'Social Security Numbers'],
'identity_theft_risk': 'High (SSNs exposed)',
'systems_affected': ['Employee Email Account']},
'initial_access_broker': {'entry_point': 'Employee Email Account'},
'references': [{'date_accessed': '2022-03-16',
'source': "Maine Attorney General's Office"}],
'regulatory_compliance': {'regulatory_notifications': ['Maine Attorney '
"General's Office"]},
'response': {'communication_strategy': ['Notification via Maine Attorney '
"General's Office"],
'remediation_measures': ['Complimentary credit monitoring for '
'affected individuals']},
'title': 'TBK Bank Email Account Data Breach (2021)',
'type': 'Data Breach (Unauthorized Email Access)'}