Bank Shares Customer Data with AI App: A Cybersecurity Incident Unveiled

When security measures fail, the consequences can be severe. Community Bank, operating in Pennsylvania, Ohio, and West Virginia, recently disclosed a cybersecurity incident that saw sensitive personal data of its customers compromised. The bank detected this exposure due to the misuse of an unauthorized artificial intelligence-based software application, which is a stark reminder of how vulnerabilities in tech usage can lead to significant breaches.

The disclosure came via an 8-K filing on May 7 with the U.S. Securities and Exchange Commission (SEC). In the document, Community Bank stated that the incident involved exposing customers’ names, dates of birth, and Social Security numbers. While the bank did not specify how many customers were affected or identify the AI application in question, it assured customers that it is currently evaluating the data compromised and will notify them according to relevant laws.

The incident highlights a troubling scenario where an employee may have inadvertently uploaded customer data to an online AI chatbot platform. This action, while seemingly benign at first glance, could have severe repercussions if not properly managed. Community Bank’s CEO, John Montgomery, did not immediately respond to TechCrunch's request for comment.

The Register was the first to report on this security lapse, emphasizing the importance of secure data handling practices in an increasingly digitized world. As AI applications become more prevalent, it is crucial for businesses and individuals alike to remain vigilant about where and how sensitive information is shared.