Community Bank, a Pennsylvania-based financial institution, disclosed a data breach earlier this month that exposed customer names, social security numbers, and dates of birth, according to a filing with the U.S. Securities and Exchange Commission (SEC). The breach was caused internally after an unauthorized artificial intelligence-based software application was used to handle confidential customer information. The bank determined the event to be material on May 7, 2026, due to the volume and sensitive nature of the non-public information involved. The incident highlights growing cybersecurity risks from shadow AI, with a Verizon report showing that employee usage of unapproved AI tools surged from 15% to 45% in a single year, making it the third most common non-malicious data leakage activity.
Community Bank Initiates Investigation with External Advisors
Upon discovering the breach, Community Bank promptly took steps to secure the affected information and initiated an internal investigation with the assistance of external cybersecurity advisors, according to the SEC filing. The investigation into the incident, including the scope and root cause, remains ongoing.
SEC Filing Confirms No Disruption to Bank Operations
The incident did not involve a disruption to the bank's operations, customer access to accounts or services, payment systems, or core information technology infrastructure, Community Bank stated in its SEC filing. However, due to the volume and sensitive nature of the non-public information at issue, the company determined the event to be material on May 7, 2026.
Verizon Report Links Shadow AI to Rising Data Leakage Risks
The Community Bank disclosure comes amid a report by telecommunications giant Verizon indicating that the use of unauthorized AI applications on corporate devices is rising rapidly and increasing cybersecurity risks in many workplaces. Shadow AI, referring to employees using unapproved AI tools at work, is now the third most common non-malicious data leakage related activity, according to the report. Frequent usage of AI tools by employees has surged from 15% to 45% of employees in a single year, highlighting an elevated risk of data exfiltration associated with unapproved platforms.
FAQ
What caused the data breach at Community Bank?
The data breach was caused internally after an unauthorized artificial intelligence-based software application was used at the bank to handle confidential customer information, according to the SEC filing.
What customer information was exposed in the Community Bank breach?
The breach impacted customer names, social security numbers, and dates of birth, as disclosed in the bank's filing with the U.S. Securities and Exchange Commission.
Did the data breach disrupt Community Bank's operations?
No, the incident did not involve a disruption to the bank's operations, customer access to accounts or services, payment systems, or core information technology infrastructure, according to the SEC filing.
