The Citizens Bank Data Breach Exposes Social Security Numbers

On June 13, 2025, The Citizens Bank, a locally owned and operated community bank in South Carolina, discovered suspicious activity in its email environment. According to the bank’s official notice of data event, an investigation revealed that files within the bank’s email system were accessed or potentially accessed between June 12 and June 14, 2025.

The investigation, conducted with third-party forensic specialists, determined that unauthorized parties may have obtained access to sensitive information stored in those files.

The bank disclosed the types of information exposed are extensive and include Social Security numbers, financial account information, payment card information, driver’s license numbers, taxpayer identification numbers, medical information, and passport numbers. This means both personally identifiable information (PII) and, for some individuals, protected health information (PHI) were at risk.

The breach’s severity is heightened by the range of sensitive data involved and the fact that the unauthorized access occurred through the email environment, which can be particularly vulnerable to phishing and credential compromise.

The Citizens Bank's response

Upon discovering the incident, The Citizens Bank immediately launched an internal investigation, bringing in third-party computer forensic specialists to determine the full scope of the breach. The bank secured its systems, reviewed the affected data for sensitive information, and began notifying individuals whose information may have been exposed. As part of its response, the bank is offering complimentary credit monitoring services to affected individuals.

The bank recommends all potentially impacted individuals remain vigilant by reviewing account statements and monitoring their free credit reports for suspicious activity over the next 12 to 24 months. Individuals are encouraged to consider placing a fraud alert or credit freeze on their credit files. The bank’s notice provides detailed contact information for the three major credit bureaus a well as guidance on how to request credit reports and implement additional protections.

Further, the bank is reviewing and updating its policies, procedures, and processes related to the storage and access of personal information in order to reduce the likelihood of a similar event in the future. Notifications have also been sent to applicable regulatory authorities as required.

For questions or assistance, affected individuals can contact the bank at 844-354-4138, Monday through Friday, 8 a.m. to 5:30 p.m. Central Time, excluding U.S. holidays. Additional resources and steps to protect personal information are outlined in the official notice linked above.