A community bank with operations in Pennsylvania, Ohio, and West Virginia has disclosed a cybersecurity incident in which customers' names, dates of birth, and Social Security numbers were compromised.
The bank said in an 8-K filing with the U.S. Securities and Exchange Commission dated May 7 that it detected a breach of customers' personal data through the use of “unauthorized artificial intelligence-based software applications.”
The bank said it disclosed the incident “given the amount and sensitivity of the non-public information at issue.”
It's unclear what exactly happened, but based on the wording of the filing, it appears that someone working for the community bank may have uploaded customer data to an online AI chatbot, which then made the information available to the chatbot maker.
The community bank did not say how many customers were affected by the incident or what AI applications were involved, but said it was “evaluating the affected customer data” and sending notifications in accordance with relevant laws.
Community Bank CEO John Montgomery did not immediately respond to TechCrunch's request for comment.
The Register was the first to report the security lapse.