GREENSBORO, N.C. — Bank of Oak Ridge, a community bank in Piedmont-Triad, said an "unauthorized actor" accessed banking customer data in late April, leading the bank to notify federal authorities and launch an investigation.
A spokesperson with Bank of Oak Ridge told WFMY News 2 that the data breach occurred between April 26-27, 2021.
"We learned that an unauthorized actor accessed the system and may have viewed historical data containing certain customer data," according to Skylar Mearing, Marketing & Communications Manager with Bank of Oak Ridge.
"We recently experienced a cybersecurity incident that impacted some of our computer systems and caused a brief disruption to certain banking services," Mearing said.
Customers whose data may have been viewed were those who opened accounts before or on September 30, 2009. Anyone who opened accounts afterward were not impacted, Mearing said.
Bank of Oak Ridge opened in 2000, according to its website.
As for what kind of data - addresses, social security numbers, or phone numbers - the bank spokesperson said it depended on the customer and did not any further specific information available.
After the data breach, Bank of Oak Ridge officials notified federal authorities and immediately launched an investigation with outside assistance, Mearing said.
All five of Oak Ridge Bank's branches were closed for two days in late April. The bank spokesperson said the branches were closed to the public while the bank worked on its computer systems to restore normal operations.
During the closure, customers were still able to access online and mobile banking, as well as deposit and withdrawal via ATM, Mearing said.
Impacted Bank of Oak Ridge customers were mailed a letter on July 7 about the data breach. Mearing did not have information available about the number of customers who were affected and received a letter.
"To anyone potentially affected, we have offered 12 months identity protection service," Mearing said.
"There has been no evidence that this information was stolen, only that it was accessible for a brief time and potentially viewed," Mearing said, adding "There is no evidence that it had been shared or misused."