US bank reports itself after slinging customer data at 'unauthorized AI app'

A US commercial bank just tattled on itself to the Securities and Exchange Commission (SEC) for plugging a bunch of customer data into an unauthorized AI application.

Community Bank, which operates in southwestern Pennsylvania, Ohio, and West Virginia, filed an 8-K with the regulator on Monday, saying it launched an investigation into the internal cockup, which remains ongoing.

It felt compelled to submit the filing "due to the volume and sensitive nature of the non-public information."

This included customer names, dates of birth, and Social Security numbers, but the filing provided no further detail about the incident.

Community Bank did not specify what this "unauthorized AI-based software application" was or how it was used.

However, the disclosure of data such as SSNs, which in the US are generally categorized among the most sensitive types of data that organizations can store on behalf of customers, is protected under several federal and ...