Call Us

Kitsap Bank Data Breach

Posted on behalf of Arnold Law Firm on December 2, 2022 in Data Breach

NOTICE: If you received a NOTICE OF DATA BREACH letter from Kaye-Smith or Kitsap Bank, contact the Arnold Law Firm at 916-777-7777 to discuss your legal options, or submit a confidential Case Evaluation form here.

Kitsap data breach On or about September 16, 2022, Kaye-Smith, on behalf of Kitsap Bank (“Kitsap”), sent a Data Breach Letter (“Breach Letter”) to customers of Kitsap informing them that their names, addresses, and loan numbers had been stolen from Kaye-Smith by hackers during a ransomware attack (“data breach”). Kaye-Smith is a third-party mailing service provider for Kitsap, and they process the personal information of Kitsap customers.

The data breach took place starting on or around May 18, 2022 through on or about June 9, 2022. In June 2022, Kaye-Smith, “engaged outside experts to help investigate suspicious activity relating to its operating environment.” The Breach Letter states a “discrete number of files were compromised as a part of a ransomware attack by a bad actor, with available logs identifying the first suspicious activity in late May 2022.” The subsequent Kaye-Smith “review” determined that names, addresses, and account numbers were “potentially affected” by the data breach.

With respect to stolen “account numbers” and other financial information, the Maine Attorney General provides more specificity: “financial account number or credit/debit card number (in combination with security code, access code, password or PIN for the account).” Although the Breach Letter does not specify when the breach was discovered, the Maine Attorney General’s website states (based on information provided by Kaye-Smith’s lawyer) that the data breach was ultimately discovered on August 9, 2022.

Kitsap Bank is a regional bank started in 1908 located at 619 Bay Street, Port Orchard, Washington 98366. It has twenty-two locations all of which are in Washington State.

The data of over 13,534 individuals was compromised by this data breach. If you received a Breach Letter from Kaye-Smith or Kitsap, you were impacted by the data breach.

Kaye-Smith/Kitsap has offered data breach victims 12 months of Equifax credit monitoring services.

WHAT INFORMATION IS INVOLVED?

According to Kaye-Smith and Kitsap, the following information was exposed:

  • Names
  • Addresses
  • Loan Numbers (as per the Maine Attorney General, financial account number or credit/debit card number (in combination with security code, access code, password or PIN for the account))

This information is called your Personally Identifiable Information (“PII”). It tells others about you and is considered part of your identity. Businesses are required to secure this information or risk facing statutory penalties, among other legal penalties. Stolen PII can be used by identity thieves to engage in fraudulent activity using your identity.

The best way to protect yourself after a data breach is to sign up for credit and identity protection services as soon as possible. California offers extra protections and legal rights to its residents through the California Consumer Privacy Act (“CCPA”).

NOTICE: If you received a NOTICE OF DATA BREACH letter from Kaye-Smith or Kitsap, contact the Arnold Law Firm at 916-777-7777 to discuss your legal options, or submit a confidential Case Evaluation form here.