Community Bank, with operations across Pennsylvania, Ohio, and West Virginia, has reported a significant cybersecurity incident involving the exposure of sensitive customer data, including names, dates of birth, and Social Security numbers.
SEC Filing Details Breach
According to a May 7 filing with the U.S. Securities and Exchange Commission, Community Bank revealed that the breach occurred due to the unauthorized use of an AI-based software application. The bank stated that it detected the exposure because of the sensitive nature and volume of the non-public information compromised.
Unclear Details and Response
While the exact circumstances remain uncertain, the language in the filing suggests that a bank employee might have inadvertently uploaded customer data to an AI chatbot, potentially exposing it to the chatbot's developers. Community Bank has not specified the number of affected customers or identified the AI application involved.
The bank is currently evaluating the impacted customer data and is issuing notifications in compliance with applicable laws. Community Bank's CEO, John Montgomery, has not yet responded to requests for comment from TechCrunch.
First Reported by The Register
The Register initially reported the security lapse, highlighting the bank's proactive disclosure. The incident underscores the growing challenges financial institutions face in safeguarding customer data amid increasing reliance on digital tools and technologies.
Community Bank is now tasked with addressing the breach's repercussions and ensuring enhanced data protection measures to prevent future incidents.
Source: https://techcrunch.com/2026/05/12/u-s-bank-disclose-security-lapse-after-sharing-customer-data-with-ai-app/




