- Key insight: A community bank disclosed a material cybersecurity incident caused not by a hacker but by its own employee feeding customer data into an unauthorized AI tool.
- What's at stake: Almost every bank now has employees who could paste customer data into a chatbot, and most security tools cannot see it happen, making this filing a template for how that becomes a public disclosure.
- Forward look: The same employee mistake triggered three separate obligations at once: SEC disclosure, a 36-hour notice to the bank's prudential regulator and customer notice under the Gramm-Leach-Bliley Act.
Overview bullets generated by AI with editorial review.
An employee at a Pennsylvania community bank fed customer data into an unapproved AI app. However, the bank told American Banker it reached the app's vendor in time to keep customers' personal information from being used to train an AI model.
The data the employee exposed included customers' names, Social Security numbers and dates of birth, CB Financial Services disclosed last month in a filing to the U.S. Securities and Exchange Commission.
The disclosure may be the first of its kind. CB Financial, the parent company of
An American Banker review of the SEC's full-text filing database backs that up. The phrase "unauthorized artificial intelligence" appears in exactly one 8-K on record: the one CB Financial filed.
There was no hacker involved in the incident, and the bank's operations experienced no interruptions. By the bank's account, an employee simply used the wrong tool to do their job. Yet, the misstep yielded a public SEC filing about a cybersecurity incident.
The incident at CB Financial represents a concrete example of the abstract risk of shadow AI; one employee's shortcut created a pile of disclosure duties and regulatory deadlines.
What the filing says
Community Bank found out about the incident on May 5. Two days later, on May 7, the company decided it was material. It filed the 8-K on May 11, signed by John H. Montgomery, CB Financial's president and chief executive.
An employee handled "certain non-public customer information using an unauthorized artificial intelligence-based software application," the filing says. The information disclosed included customer names, Social Security numbers and dates of birth.
The incident "did not involve a disruption to the bank's operations, customer access to accounts or services, payment systems or core information technology infrastructure," according to the filing.
No threat actor broke in, and CB Financial said in its May filing that it expects the incident to have no material impact on its finances. Nonetheless, it found the event to be material due to "the volume and sensitive nature of the non-public information at issue."
The company said in the filing that it brought in outside cybersecurity advisors and has been "in communication with relevant banking and financial regulators." It said it is notifying affected customers as federal and state law requires.
What the bank told American Banker
The filing did not say how the customer data got loose. Montgomery and Jennifer George, the bank's senior executive vice president and chief operating officer, filled in some of those details for American Banker.
The employee fed the data into the unapproved tool while mocking up a presentation, Montgomery told American Banker. He did not name the AI application.
The bank also has not said how many customers had their information exposed or when the employee uploaded the data, only that it became aware of the incident on May 5. The May filing said the bank's investigation into the scope and cause was still ongoing.
The bank already offered an approved AI tool, with bank-issued accounts for employees cleared to use it, Montgomery said. The employee instead turned to a tool the bank had not approved, using a personal account.
The bank did not say why the employee chose the unapproved tool over the sanctioned one.
George drew a distinction about how the data moved. The employee did not email the file or copy it to a device, both of which the bank's data-loss-prevention policies prohibit, she said. Those policies are internal controls meant to keep sensitive data from leaving the bank.
"He accessed it from a personal device through a fully authenticated channel," George told American Banker. The data "was uploaded to the platform from the employee's personal device," she said.
In other words, the employee had logged in with valid credentials and legitimate access to the data, so the leak was a misuse of that access rather than a break-in.
The employee "thought the sensitive data had been removed from the file," George said.
There is no evidence the data was misused, Montgomery said. Because the bank caught the upload early, Montgomery believes CB reached the AI vendor in time to stop the customer information from being used to train the vendor's model.
"We acted swiftly to remediate the actions by accessing appropriate channels to limit the infiltration of data into the model," George said. "The file and all surrounding prompts were deleted immediately upon confirmation of upload."
Since the incident, the bank has blocked the web domains of unapproved AI tools and is working with the AI company on the cleanup, according to Montgomery.
The bank has also tightened employees' access to customer data and expanded its data-security policies, George said.
"This is one single act by one single employee who accessed data through a fully authenticated portal," she said. Protecting customer data is the bank's "highest priority," she said.
What the filing signals
Perhaps the most telling choice the bank made was to file under Item 1.05 of Form 8-K, which the SEC reserves for cybersecurity incidents a company has decided are material.
CB did not use Item 8.01, the catch-all companies often reach for when they want to disclose an incident without calling it material.
The distinction is important to the SEC. In a
The commission said at that time to save Item 1.05 for genuinely material incidents, pointing back to what the SEC said the previous year when it wrote
By choosing Item 1.05 for a data exposure that caused no operational or financial damage, Community Bank sent the market a deliberate signal that the incident mattered.
The bank's problem is bigger than the SEC's
A securities filing is only one of the obligations an incident like this triggers, and it is not the most urgent one. Banks carry a layer of regulatory duties that an ordinary public company does not, and several of them move faster than the SEC's clock.
One is the so-called
Another is customer notice. Under
The guidance is meant to protect exactly what CB Financial said was exposed: names paired with Social Security numbers and dates of birth.
CB Financial says it is addressing these duties. Its filing says the bank has been in communication with its regulators and is notifying affected customers as federal and state law require.
But unlike the public 8-K, those notices leave no public trace, and the bank has not said when it made them, so it is not clear whether Community Bank complied with these nonpublic disclosure rules, including the 36-hour deadline.
The CB employee's mistake likely produced obligations on three separate tracks: the SEC disclosure the public can read, a fast notice to the bank's prudential regulator, and a duty to tell affected customers.
The filing is likely the smallest and most visible part of the response.
What this means for the next bank
The threat in CB Financial's filing was not a sophisticated adversary but a well-meaning employee with a deadline and a web browser.
Because the employee reached for AI, the threat falls under the umbrella of
Insider threats (including shadow AI) can be harder to defend against than outside adversaries; in these cases of friendly fire, data leaves through a channel many security systems were never built to watch.
The solution, often, is to take the familiar tools the bank already uses every day and aim them at the new risk.
Such tools include acceptable-use policies that say plainly which AI tools are allowed, data-loss-prevention software that can catch sensitive information on its way out, hard blocks on unauthorized AI platforms, and vendor lists vetted for how each tool handles data.
Wilson Sonsini's alert lays out that checklist for financial institutions, and it is blunt that the problem is not hypothetical. Sensitive data "is being input into unauthorized AI tools" outside established security controls, the alert says. "It is happening now."
Every control the alert recommends assumes employees will use AI and tries to make that use safe rather than wish it away. A flat ban does little when staff can reach a chatbot from a personal device, so the more durable fix is to give them sanctioned tools and watch the exits.
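A minimal outbound gate in the spirit of the two technical controls above, a domain block on unapproved AI platforms and a data-loss check on content leaving the bank, added here as an illustration and not the bank's, the alert's or any vendor's code. The host names, the draft slide text and the regexes are constructed assumptions; real deployments would source the allow list from the vendor-vetting process the article describes.

```python
"""Added example: DLP-style gate for uploads to AI web tools.
Catches the case the article describes, a file the uploader believed
was scrubbed but that still carries an SSN and a date of birth."""
import re
from dataclasses import dataclass, field

# Hypothetical allow/deny lists (constructed for this example).
APPROVED_AI_HOSTS = {"assistant.bank-approved.example"}
BLOCKED_AI_HOSTS = {"chat.unapproved-ai.example"}

# SSN in 123-45-6789 form, excluding area numbers SSA never issues.
SSN_RE = re.compile(r"\b(?!000|666|9\d{2})\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# Date of birth in MM/DD/YYYY form.
DOB_RE = re.compile(r"\b(?:0[1-9]|1[0-2])/(?:0[1-9]|[12]\d|3[01])/(?:19|20)\d{2}\b")


@dataclass
class Verdict:
    host: str
    action: str                       # "allow", "review" or "block"
    reasons: list = field(default_factory=list)
    ssn_count: int = 0
    dob_count: int = 0


def inspect_upload(host: str, body: str) -> Verdict:
    """Decide whether an upload body may leave for the given AI host."""
    v = Verdict(host=host, action="allow")
    v.ssn_count = len(set(SSN_RE.findall(body)))
    v.dob_count = len(set(DOB_RE.findall(body)))
    # Hard block: destination is not a vetted platform (personal-account
    # tools fall here whatever the payload contains).
    if host in BLOCKED_AI_HOSTS or host not in APPROVED_AI_HOSTS:
        v.action = "block"
        v.reasons.append("unapproved AI platform")
    # Content check: SSNs never belong in a prompt, even to a sanctioned tool.
    if v.ssn_count:
        v.action = "block"
        v.reasons.append(f"{v.ssn_count} SSN(s) in upload")
    elif v.dob_count and v.action == "allow":
        v.action = "review"           # dates alone are a weaker signal
        v.reasons.append(f"{v.dob_count} date(s) of birth; needs review")
    return v


# Constructed sample: a slide draft with names removed, but a speaker note
# still carrying one customer's SSN and date of birth.
SAMPLE_DRAFT = """Q2 deposit growth by branch
Branch A: +4.1%  Branch B: +2.7%
Speaker note: follow up with account holder, SSN 219-09-9999, DOB 03/14/1962
"""
```

Running `inspect_upload("assistant.bank-approved.example", SAMPLE_DRAFT)` blocks the upload on the residual SSN even though the destination is the sanctioned tool; the same draft sent to the unapproved host is blocked on both grounds.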
But Community Bank shows the limit of that approach. It already offered an approved AI tool, and an employee still reached for one the bank had not cleared.