- A US bank notified some customers on Friday that their personal information had been inadvertently shared by a third-party vendor, according to letter sent to the California Attorney General’s website.
- On September 27, a third-party collection recovery group inadvertently shared the names, addresses, Social Security numbers, birthdays, closed account numbers and outstanding balances of approximately 11,000 customers, a US Bank spokesperson told Banking Dive.
- The bank discovered the error immediately and all file recipients agreed to cooperate with US Bank in obtaining the information, the bank said.
The scope of the breach was small: The incident involved only 11,000 customers whose credit card accounts were closed and data was shared from one of the bank’s third-party vendors to another collection agency.
An employee noticed the issue immediately, the spokesperson said, and the information was protected and destroyed. The bank has received a certificate of information destruction.
US banks do does not believe the incident will cause any further risk to customer data, but it is providing those affected with free credit monitoring for two years. The bank also recommends that customers put fraud alerts on their credit cards and “remain vigilant.”
“Again, given the circumstances, we do not believe there is any risk to this customer; however, we are taking these steps out of an abundance of caution,” the spokesman said.
The US Bank breach was smaller than other cybersecurity problems in 2022, including the Flagstar Bank breach that affected 1.5 million customers this summer and the Credit Suisse data leak in the winter that affected about 18,000 accounts.