Flagship Bank Data Breach Exposes Social Security Numbers

On May 7, 2025, West Florida Banking Corporation (operating as Flagship Bank) discovered suspicious activity within its computer environment. An investigation revealed that unauthorized access had occurred on April 15, 2025, as a result of a social engineering scheme.

This incident allowed an unauthorized party to gain access to sensitive internal systems. The breach has affected a total of 3,996 individuals across the United States, including two residents in Maine, three in New Hampshire, and six in Rhode Island, according to disclosures filed with state attorneys general.

The compromised information included personally identifiable information (PII) such as names, Social Security numbers, and financial account information.

The review of affected systems was extensive and only recently concluded, prompting the company to notify impacted individuals in writing on Feb. 13, 2026.

For further details, readers can review the official data breach notification on the Maine Attorney General’s website and the New Hampshire Attorney General’s website.

West Florida Banking Corporation's response

Upon discovering the breach, West Florida Banking Corporation acted quickly to secure its network and launched a comprehensive investigation. The company notified federal law enforcement and began reviewing all relevant systems to identify the scope of the incident and the individuals affected. In response to the breach, the bank has implemented additional administrative and technical safeguards and provided enhanced cybersecurity training to its employees to help prevent similar incidents in the future.

For those affected, West Florida Banking Corporation is offering twelve months of complimentary credit monitoring and identity restoration services through TransUnion’s Cyberscout. Impacted individuals are encouraged to enroll in these services within 90 days of receiving their notification letter. The bank has also provided detailed guidance on protecting against identity theft and fraud, including instructions on how to obtain free credit reports, place fraud alerts or security freezes on credit files, and contact the three major credit bureaus.

Given that the breach resulted from a social engineering scheme, affected individuals should remain vigilant for any suspicious activity on their financial accounts and credit reports. The company’s written notice includes resources and contact information for further assistance, as well as steps to take if identity theft or fraud is suspected.