Commonwealth Business Bank (CBB), a full-service business bank serving customers across California and beyond, reported a cybersecurity incident that affected its computer network. According to filings associated with the breach reported to the California Attorney General, unauthorized actors gained access to parts of the bank’s systems between January 25 and February 8, 2025. The suspicious activity was first identified on February 6, 2025, prompting an internal investigation by the bank and its cybersecurity partners.
Letters notifying affected individuals were mailed beginning on August 13, 2025, as required by state law. These notifications to customers followed the bank’s extensive review of what data may have been impacted.
What Types of Information Were Exposed
Official breach letters and related reports indicate that sensitive personal data stored in the bank’s systems may have been viewed or acquired by unauthorized parties during the period of access. While the full scope of information may vary by individual, the types of data at risk include basic identifying details and potentially highly sensitive financial or personal record elements. Public reporting on the incident suggests that this could include names, addresses, Social Security numbers, driver’s license or government-issued ID numbers, birthdates, and financial account information such as credit or debit card numbers or other account details.
Because banks like Commonwealth Business Bank collect and store a wide range of personal and financial information to serve their customers, exposure of this nature carries elevated risks of identity theft, financial fraud, or unauthorized use of account details.
Why This Breach Matters
A data breach at a financial institution presents serious concerns because of the type of sensitive information individuals entrust to banks. Personal identifiers such as Social Security numbers and government-issued ID numbers cannot be changed like a password, and financial account information may be used to open unauthorized lines of credit, initiate fraudulent transactions, or compromise existing accounts.
The fact that the breach lasted several weeks before being detected highlights the stealthy nature of many cyberattacks and underscores the importance of proactive monitoring and response. Cybercriminals often retain stolen data and use it long after an incident has occurred, which means that individuals affected may face risks well into the future.
Steps to Protect Your Personal Information
If you received a breach notification from Commonwealth Business Bank or believe your data may have been included, there are steps you can take to help protect yourself. Start by reviewing your credit reports and financial account statements for any signs of unauthorized activity. Pay close attention to the discovery of new accounts you didn’t open or unclear charges on existing accounts.
Monitoring your credit report regularly can help you detect suspicious activity early. You have the right to request free credit reports through the major credit reporting agencies. You might also consider placing a fraud alert or a credit freeze on your file, which can make it more difficult for fraudsters to open new accounts in your name.
Be cautious with any unsolicited calls, text messages, or emails that reference your financial information or request additional personal details. Scammers often use information obtained from breaches to craft communications that appear legitimate.
Understanding Your Rights
When a data breach occurs, federal and state privacy laws offer protections designed to help those affected. Under California law, businesses that experience breaches involving personal information are required to notify impacted individuals and provide information about what happened and the types of data involved. In some cases, companies also provide complimentary credit monitoring or identity protection services to help mitigate risks.
Affected individuals may have legal options if they suffer financial harm or identity theft as a result of the breach. Consulting with a legal professional experienced in data breach and consumer privacy law can help you understand your rights and determine next steps.
Remaining Vigilant Over Time
Even after you take immediate protective measures, it’s important to stay vigilant. Stolen data can remain useful to cybercriminals for years, and identity misuse may not appear immediately. Regularly checking your credit history, financial statements, and notifications from service providers can help you spot issues early.
If you detect unauthorized activity or suspect misuse of your personal information, report it promptly to your financial institutions and the relevant credit bureaus. Keeping thorough records of suspicious activity and your responses can support any recovery or dispute efforts you may undertake. Our team at Almeida Law Group can also help you by discussing your options with you, evaluating your risk, and determining the next best steps for you.
