Simmons Bank Data Breach
Table of Contents
- Published: Jun 25, 2024
- Last Updated: Jul 09, 2024
Simmons Bank is a community with scale founded in 1903 in Pine Bluff, Arkansas. It was officially opened in 1922 and has since grown with over $27 billion in assets, over 3,200 associates, and footprints in over 200 locations in six states. The bank is a full-fledged community bank that grew considerably by acquiring some local and regional banks. Today, it has a large customer database and offers various financial services, including banking, insurance, lending, and investment management. Hence, it is no surprise that the bank became a target of fraudulent hackers. The Simmons Bank data breach was discovered in 2022 and involved sensitive personal identifying data belonging to many individuals. It was an external system breach, and the information impacted includes customers' names, driver's license numbers, addresses, and Social Security Numbers (SSNs).
Upon noticing suspicious activity within its information network, Simmons Bank began investigations, which revealed that some unauthorized actors had accessed certain network systems belonging to the bank. It was determined that the bad-faith actors, while they had access, reviewed and/or pulled out certain private data from the bank's computer system. About 3,215 individuals were affected by the Simmons Bank Data breach. According to experts, the impact of this data breach may not be known for several months or even years.
When Was the Simmons Bank Data Breach?
Although the Simmons Bank data breach occurred on September 1, 2021, it was not discovered until August 22, 2022. Following this discovery, Simmons Bank's vendor, Mayer Brown LLP, notified the bank on September 21, 2022, that its file-sharing service, the AMS Collaborator, had been breached in a cyber security incident. Mayer Brown explained that the unauthorized actors may have accessed some sensitive personally identifying information in its system.
The bank's investigation confirmed Mayer Brown's discovery and determined that the actors had indeed accessed some sensitive data. After this discovery, Simmons Bank notified the Attorneys General in a few states to inform the public of the situation. In addition, on November 8, 2022, the bank began notifying customers whose data may have been affected through a Breach Notification Letter. The three major Credit Reporting Agencies were also notified.
How to Check If Your Data Was Breached
The Simmons Bank data breach could potentially affect all the bank's customers, but not all were impacted. Following the incident, the bank contacted individuals identified to have been impacted by the breach via notification letters after its investigations. You were probably not impacted if you did not receive any letter from the bank. However, you can still check to confirm whether your data was breached by checking your email or the bank's website for additional information on this breach. While checking your email for possible information, be mindful of phishing attacks from scammers claiming to be contacting you from the bank. When in doubt, it is better to contact Simmons Bank directly through its official communication channels.
Monitoring your account regularly, especially for strange/unauthorized charges, is another way to check if your data was breached in the Simmons Bank data breach. Furthermore, you can get a copy of your credit report to confirm your data was not exposed during the breach. Reviewing your credit report will help you discover any unusual activity relating to identity theft and credit fraud. For instance, it will reveal any credit card account or loan created without your knowledge, indicating that your data may have been breached.
What to Do If Your Data Was Breached
Ensure to review a breach notice and keep a copy whenever one affects you. Customers whose sensitive data were impacted in the Simmons Bank data breach were offered a complementary 12-month credit monitoring and identity theft subscription service provided by Experian. Make sure to enroll in this free credit monitoring service offered by the bank and activate the fraud detection tools available through the service. Also, ensure to modify the passwords and security questions for your online profiles/accounts with the bank over a secure network.
Whether your data was breached in the Simmons Bank data breach or not, it is best to be proactive and take the privacy and security of your information seriously. To this end, it is recommended that you periodically obtain your credit reports from any of the three national credit reporting agencies and regularly review your account statements. Similarly, you can place a fraud alert on your credit file, which requires a business to further verify a customer's identity before extending new credit.
Are There Any Lawsuits Because of the Data Breach?
Although several leading data breach law firms investigated the Simmons Bank data breach incident, there has not been any report of lawsuits against the bank. This may be largely because it was an external system breach (hacking), and the bank was proactive enough to inform the Attorneys General in some states. This action, in addition to notification letters sent to affected customers, made the public aware in good time.
Can My Simmons Bank Information Be Used for Identity Theft?
Yes. Customers' data exposed during the Simmons Bank data breach largely involved personally identifying information that could be potentially used to perpetrate identity theft. However, if you were affected, it is advised that you remain vigilant to avoid falling prey to phishing and other social engineering attempts in the form of phone calls and emails, purportedly from Simmons Bank, offering help. Generally, cybercriminals use stolen information to target unsuspecting individuals with phishing messages or by taking out credit cards or loans in their name, which is typically an identity theft.
What Can You Do to Protect Yourself Online?
Considering the prevalence of online scams by cybercriminals, you must take certain measures to protect yourself against identity theft. Although Simmons Bank has advanced technology and security features to protect its customers' financial and personal information, the following are some ways to ensure the safety of your data online as a bank customer:
- Always keep your private information personal, and if you must post any personal details online, ensure to check the site's security and privacy settings. Generally, cybercriminals can look up your social media accounts to figure out answers to security questions in the password reset tools and lock you out of your account.
- Set strong, lengthy passwords that combine lower and uppercase letters, special characters, and numbers. Avoid using your name or a relative's name in your passwords.
- Always ensure that your mobile devices and PCs are updated with the latest operating systems and security software.
- Log in to your online accounts using secure internet connections only. If you have a home wireless network, make sure to protect it with a password, and if you must use a public Wi-FI, be cautious not to send any sensitive information over it.
- Ensure that a website uses secure technology before shopping with your cards or bank information. You can establish this by looking for a tiny padlock symbol on the site and web addresses that begin with HTTPS.
- Sign up for a credit monitoring and protection service to guard against identity theft.
- Consider setting up text and email alerts to help monitor transactions on your bank and credit accounts.
- Beware of fraudsters who use email phishing scams. Do not click on links or reply to any suspicious email in your inbox, even if someone from your contact list sent it. Instead, report such an email as spam, block the sender, and delete the email.
Stay current by educating yourself about the latest technologies, cyber threats, and best practices using sites like IDStrong.