Threat actors stole Social Security numbers, addresses and account numbers of home mortgage holders at KeyBank, the Associated Press (AP) has reported.
The breach was alledgedly caused by third-party vendor Overby-Seawell, a firm providing multiple corporate clients, including KeyBank, with insurance services.
According to AP, the hackers acquired the information on July 5 after breaking into Overby-Seawell computers. At the time of writing, KeyBank did not clarify how many of its customers were affected by the breach.
The company did, however, publicly apologize on social media over the weekend to customers and offered two years of free Equifax identity protection as compensation.
"All of us at Key deeply regret that this incident occurred. Your business means a great deal to us, and keeping your personal information safe and secure is extremely important. Please let us know if you have any questions regarding the letter. Feel free to DM us," the firm said.
Since the message, KeyBank has locked its direct message on Twitter. Further, the bank said it is investigating the Overby-Seawell breach.
"We're working with the vendor to confirm they are addressing the root causes of this incident to prevent a similar event from occurring in the future," wrote KeyBank on Twitter.
"We encourage you to take advantage of the services in the letter received. It provides the steps you need to take to enroll."
In the meantime, both KeyBank and Overby-Seawell have been named in a proposed class action lawsuit over the data breach.
The lawsuit highlights that this type of personal information can be utilized on its own and in conjunction with other personal details to "perpetuate crimes" against consumers and consequently cause significant damage to their money, property, credit and reputation.
"Had defendants properly maintained their systems and adequately protected them, they could have prevented the Data Breach," the complaint claims.