West Plains Bank and Trust Company

West Plains Bank and Trust Company suffered a data breach between August 14, 2021, and September 7, 2021, caused by unauthorized access to an employee’s email account. The incident exposed sensitive personal information, including Social Security numbers, affecting 2,321 individuals, with at least one confirmed Maine resident impacted. The breach posed a significant risk of identity theft, prompting the bank to offer 12 months of identity theft protection services to affected individuals. The compromised data, which included highly sensitive identifiers, heightened concerns over potential fraud and financial exploitation for the victims. The breach was reported to the Maine Office of the Attorney General, underscoring its severity and regulatory implications. While the exact method of unauthorized access was not detailed, the incident highlighted vulnerabilities in email security protocols, particularly concerning employee accounts with access to customer data.

Source: https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/838da3c0-7179-42c7-acd1-49ebf477a600.shtml

TPRM report: https://www.rankiteo.com/company/west-plains-bank-and-trust-company

"id": "wes033091825",
"linkid": "west-plains-bank-and-trust-company",
"type": "Breach",
"date": "8/2021",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': 2321,
                        'industry': 'Banking',
                        'name': 'West Plains Bank and Trust Company',
                        'type': 'Financial Institution'}],
 'attack_vector': 'Unauthorized Access (Employee Email Account)',
 'customer_advisories': ['Offered 12 months of identity theft protection '
                         'services'],
 'data_breach': {'number_of_records_exposed': 2321,
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Social Security numbers']},
 'date_resolved': '2021-09-07',
 'description': 'The Maine Office of the Attorney General reported that West '
                'Plains Bank and Trust Company experienced a data breach from '
                'August 14, 2021, to September 7, 2021, due to unauthorized '
                'access to an employee email account, impacting a total of '
                '2,321 individuals and one Maine resident specifically. The '
                'exposed information included Social Security numbers, and '
                'identity theft protection services for twelve months were '
                'offered to affected individuals.',
 'impact': {'data_compromised': ['Social Security numbers'],
            'identity_theft_risk': 'High (Social Security numbers exposed)',
            'systems_affected': ['Employee Email Account']},
 'initial_access_broker': {'entry_point': 'Employee Email Account'},
 'references': [{'source': 'Maine Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': ['Maine Office of the '
                                                        'Attorney General']},
 'response': {'remediation_measures': ['Offered 12 months of identity theft '
                                       'protection services to affected '
                                       'individuals']},
 'title': 'West Plains Bank and Trust Company Data Breach (2021)',
 'type': 'Data Breach'}