Community Bank, operating in Pennsylvania, Ohio, and West Virginia, revealed a cybersecurity breach exposing customer names, birthdates, and Social Security numbers.
In an 8-K filing on May 7 with the U.S. Securities and Exchange Commission, the bank reported that the exposure of customer data resulted from using “an unauthorized artificial intelligence-based software application.”
The bank highlighted the incident’s disclosure due to the significant volume and sensitivity of the non-public information involved.
Though specific details remain unclear, it seems an employee may have uploaded customer data to an online AI chatbot, possibly exposing the data to the chatbot provider.
Community Bank did not specify the number of affected customers or the AI application involved but mentioned it is “evaluating the customer data that was affected” and is notifying individuals as required by law.
Community Bank’s CEO, John Montgomery, did not promptly respond to TechCrunch’s request for comment.
The Register initially reported the security lapse.