A bank in the US has notified an unspecified number of its 3 million customers of a recent data breach involving the potential compromise of their personal data.
In an e-mailed statement to a query regarding the incident, a spokesman for the Commerce Bank only confirmed that a "security matter" had taken place recently that impacted "only a small segment" of its three million customers.
Without referring to what happened, the statement said that immediate actions had been taken to address "this matter," including an extensive internal investigation by the bank's corporate security team as well as notification about the incident to federal and state law enforcement authorities.
The email alluded to a letter sent by the bank to the affected customers, but did not say what information on them might have been compromised in the incident.
"If customers did not receive a specific letter regarding this incident there is no need for them to be concerned," the statement said.
Local media reports suggested that the compromise resulted when a bank employee apparently handed over customer information such as Social Security numbers and account information to an external third party. There was no indication, however, whether that happened inadvertently or was the result of a malicious action on the part of the employee.
One blogger on LiveJournal who claimed to be a customer of the bank said that a Commerce Bank representative had told her about 3,000 people had been affected in the incident. According to the blogger, her first indication that her account had been compromised came when she tried using her ATM card last week to withdraw some money and her card was rejected. A message on the transaction record indicted that her card had been retained by the bank though the card was still in her possession.
She claimed that bank representatives told her the card had been closed but offered no explanation, and asked her instead to come to the bank to get a new card. It was only after she mentioned seeing media reports about a security incident at Commerce Bank a few days later that a bank representative finally told her that if she had been impacted she would receive a letter in the mail shortly. The blogger claimed she had heard nearly identical stories from several others.
Commerce was targeted by hackers earlier in the year. According to reports earlier in the fall, the bank was able to deflect most of a hacking attempt on its database, but not before some customer information was divulged.
The Commerce Bank spokesman who confirmed the breach did not respond immediately to a request for comment on the claims made by the blogger, and there has been no claim that the two attacks are related.