Citizens Bank has confirmed that the personal information of thousands of its customers was compromised in a data breach linked to a third-party vendor, highlighting ongoing risks associated with external service providers in the financial sector. The exposed data includes sensitive details typically found on personal checks, such as customer names, addresses, and bank account numbers.

According to Citizens Bank spokesperson Rory Sheehan, there is no evidence that the bank’s internal systems were directly accessed by a malicious actor. However, he acknowledged that the incident originated from a vendor-related breach that affected a limited number of customers, raising concerns about third-party data security practices.

Sheehan stated that the bank has implemented enhanced monitoring measures and is actively notifying impacted customers with further guidance. He also noted that, at this stage, there have been no confirmed reports of fraud resulting from the compromised data. As a precaution, the bank is offering complimentary account monitoring services to affected individuals.

The breach reportedly involved data from multiple organizations handled by the vendor, though it remains unclear which other companies may have been impacted. The incident underscores the growing threat posed by supply chain vulnerabilities, where third-party providers can become entry points for sensitive customer data exposure.

Citizens Bank has urged customers to remain vigilant against potential scams, reiterating that it will never request online banking passwords or one-time passcodes through unsolicited emails, texts, or phone calls. Customers who receive suspicious communications are advised to contact their local bank branch directly to verify authenticity.

In addition to the breach, Citizens Bank is currently facing two class-action lawsuits alleging that a Russian cybercriminal posted the personal information of approximately 3.4 million customers on the dark web. Sheehan responded to these claims by stating that the allegations are “generally inaccurate.”

Peter Wasylyk, the attorney representing affected customers in the lawsuits, emphasized the importance of accountability in such cases. He stated that data breach class actions are intended to ensure organizations take responsibility for protecting sensitive information while providing impacted individuals with the resources needed to safeguard themselves.

The incident adds to a growing list of cybersecurity challenges facing financial institutions, where third-party risks and data protection responsibilities continue to come under increased scrutiny.

Recommended Cyber Technology News :

To participate in our interviews, please write to our CyberTech Media Room at info@intentamplify.com