Breach taxonomy
Summary
In March 2025, MainStreet Bancshares was notified that an outside vendor to its core banking system had been compromised. The company activated its incident response process and initially assessed the incident as likely non-material. A completed review on April 28, 2025 determined that the third-party vendor's compromised system included personally identifiable information on approximately 4.65% of MainStreet's customer base. The company confirmed that its own IT systems and networks were not compromised, no unauthorized transactions were executed, and customers were able to continue banking normally. Filed under Item 8.01; materiality not yet determined as of filing date.
Tagging rationale
ThreatUnknown
Filing does not attribute the incident to a specific actor → UNKNOWN.
MethodsData ExfilSupply Chain
The breach originated at a third-party core banking vendor that was compromised, enabling access to customer PII → DATA-EXFIL + SUPPLY-CHAIN.