Community Bank, a regional financial institution serving Pennsylvania, Ohio, and West Virginia, has confirmed a significant cybersecurity breach. The incident involved the unauthorized exposure of sensitive customer information, including full names, dates of birth, and Social Security numbers, after data was funneled into an artificial intelligence application.
The Security Breach: What We Know
The bank officially disclosed the lapse in an 8-K filing submitted to the U.S. Securities and Exchange Commission on May 7. According to the document, the exposure stemmed from the use of an “unauthorized artificial intelligence-based software application.”
While the bank has not released specific details regarding the mechanics of the incident, the filing suggests that an employee may have uploaded private customer records directly into an online AI chatbot. This action potentially granted the chatbot provider unauthorized access to highly sensitive, non-public data.
Corporate Response and Customer Impact
Community Bank emphasized that the decision to publicly report the event was driven by the “volume and sensitive nature” of the compromised information. Despite the severity of the disclosure, the institution has remained tight-lipped regarding the total number of affected individuals and the identity of the specific AI tool involved.
Currently, the bank is conducting an internal audit to evaluate the full scope of the affected data. They have committed to sending formal notifications to impacted customers in accordance with state and federal data privacy laws. Requests for additional comment from Community Bank CEO John Montgomery regarding the incident have gone unanswered.
The Rising Risk of AI in Finance
The incident, first reported by The Register, highlights the growing tension between corporate data security and the rapid adoption of generative AI tools. As financial organizations navigate the integration of new technologies, the risk of human error leading to massive data leaks remains a primary concern for regulators and cybersecurity experts alike.