Bank3 Data Breach Exposes Clients' SSNs and Financial Information

Bank3, a community bank headquartered in Memphis, Tennessee, disclosed a data breach involving unauthorized access to its computer network.

The breach was first reported to the Maine Attorney General. Bank3 discovered the breach on Feb. 4, 2026, and is notifying affected consumers in writing on April 15, 2026.

What happened in the Bank3 data breach

An unauthorized actor accessed the bank's systems at various times between July 25, 2025, and Aug. 7, 2025. During that period, certain information stored within those systems was viewed or copied by the unknown actor.

Bank3 first became aware of suspicious activity within its computer network on Aug. 20, 2025. The company took steps to secure its systems and launched an investigation with the assistance of third-party forensic specialists.

On Oct. 13, 2025, a ransomware group known as Qilin posted a claim on the dark web. The group asserted it had obtained 149 GB of data from Bank3, which it claimed comprised the bank's entire data set. The stolen data allegedly included personal and financial information for all clients as well as the bank's internal financial data.

Bank3 conducted a comprehensive review of the data to identify affected individuals and the compromised data types.

The types of personal information exposed in the breach included names, dates of birth, Social Security numbers, taxpayer identification numbers, driver's license or state identification numbers, financial account information, payment card information and health insurance information.

Bank3's response to the breach

Bank3 is offering affected individuals 12 months of free credit monitoring and identity theft protection services through Cyberscout, a TransUnion company, at no cost. Enrollment must be completed within 90 days of the letter date.

The bank has set up a dedicated phone line for individuals who have questions about the incident. The line is available from 7:00 a.m. to 7:00 p.m. CST, Monday through Friday, excluding major U.S. holidays.

Affected individuals may also write to Bank3 at 5210 Poplar Ave., Suite 100, Memphis, TN 38119.

Steps to take if your information was exposed

• Place a credit freeze on your credit file. Contact Equifax (1-888-298-0045), Experian (1-888-397-3742) and TransUnion (1-800-916-8800) to prevent new accounts from being opened without your authorization.
• Consider placing a fraud alert. A fraud alert requires businesses to take extra steps to verify your identity before extending new credit and can be placed by contacting any one of the three major credit bureaus.
• Request and review your free credit reports. Visit AnnualCreditReport.com to obtain free annual credit reports from each bureau and check them for any unfamiliar accounts or inquiries.
• Monitor your financial accounts closely. Because financial account and payment card information were exposed, review bank and credit card statements regularly for unauthorized charges or suspicious activity.
• Be cautious of phishing attempts. Watch out for emails, phone calls or text messages that reference Bank3 or this breach by name, as scammers commonly use real breach events to trick people into sharing additional personal information.
• Report suspected identity theft promptly. If you notice signs of fraud or identity theft, file a complaint with the Federal Trade Commission at identitytheft.gov or by calling 1-877-438-4338 and consider filing a report with local law enforcement.