Citizens Bank Customers Targeted in Third-Party Data Breach

Two U.S. banks say they are investigating data breaches targeting their customers’ information.

    “We have been managing an incident involving data extracted from a third party vendor,” Citizens Bank said in a statement Tuesday (April 21).

    “For Citizens, most of this was masked test data, although a limited set of information for a small number of customers was involved.”

    The bank said there is no evidence of unauthorized access to its network, and operations would continue as usual, with enhanced monitoring in place.

    Meanwhile, a report from the website Cyber News says that Texas-based lender Frost Bank had learned from one of its vendors that hackers had gained access to its system, which may have compromised Frost customer data.

    “We have engaged external cybersecurity experts to assist in our investigation, and early findings indicate that the incident may be related to recent claims made by cybercriminals,” a spokesperson for the bank told Cyber News, adding there is “no evidence of unauthorized access to the Frost network.”

    That report notes that both banks had appeared on the dark web site of the Everest ransomware gang, with attackers giving the lenders six days before releasing the stolen data.

    “Ransomware has become a structured, global industry,” PYMNTS wrote earlier this month. “Organized cybercriminal groups now operate with business-like efficiency. Attacks are no longer limited to encrypting files; they often involve ‘double extortion,’ where attackers threaten to leak stolen data if payment is not made.”

    It has led to the rise of the ransomware negotiator, people whose skills lie less in technical expertise than in human interaction, albeit via virtual channels. Negotiators need to quickly assess the attacker’s credibility, figure out whether stolen data will actually be released and consider how flexible the ransom demand might be.

    The emergence of ransomware negotiators, PYMNTS added, is a sign of a broader shift in how organizations view cyber risk.

    “It is no longer solely a technical problem; it is a business risk that requires strategic management,” the report continued. “In this sense, negotiators function as a form of corporate diplomat, engaging with adversaries to protect organizational interests.”

    Meanwhile, research by PYMNTS Intelligence has found that third-party vulnerabilities are at the heart of many contemporary cyberattacks.

    Findings from PYMNTS Intelligence in the August edition of the 2025 Certainty Project report, “Vendors and Vulnerabilities: The Cyberattack Squeeze on Mid-Market Firms,” show that attackers often compromise a vendor first, then exploit the trust relationship to infiltrate their target firm.

    The research found that 38% of invoice fraud cases and 43% of phishing attacks originated with compromised vendors.