Breach taxonomy
Summary
On May 5, 2026, Community Bank (subsidiary of CB Financial Services) discovered an internal incident in which non-public customer information was handled using an unauthorized AI-based software application. The Bank determined the event material on May 7, 2026 due to the volume and sensitivity of data involved, which included customer names, Social Security numbers, and dates of birth. The incident did not disrupt operations, customer account access, payment systems, or core IT infrastructure. The Bank engaged external cybersecurity advisors, notified regulators, and is conducting required customer notifications.
Tagging rationale
ThreatNon Priv Insider
Filing characterizes the event as an 'internal incident involving the handling of certain non-public customer information using an unauthorized artificial intelligence-based software application,' indicating an insider used unauthorized tooling rather than an external attacker. No indication of privileged/admin access misuse -> NON-PRIV-INSIDER.