Bank's AI chatbot blunder exposes thousands of customer secrets

Community Bank disclosed a cybersecurity incident in which customer data was uploaded to an unauthorized artificial intelligence application. According to TechCrunch, the Pennsylvania, Ohio, and West Virginia-based bank exposed customers' names, dates of birth, and Social Security numbers.

In an SEC filing dated May 7, Community Bank admitted that an employee uploaded customer data to an "unauthorized artificial intelligence-based software application." The bank did not specify which AI app was involved or how many customers were affected.

The bank cited "the volume and sensitive nature of the non-public information at issue" in deciding to disclose the incident publicly. However, it has not released details about what data was compromised or how the upload occurred.

Chief executive John Montgomery did not respond to requests for comment from TechCrunch.

Community Bank said it is "evaluating the customer data that was affected" and will notify customers according to legal requirements. The bank has not specified a timeline for those notifications.