Arvest Bank faces tech issue leading to breach

The well-known bank has disclosed a breach impacting customers across the United States. 

What happened

Arvest Bank, one of the top 100 banks in the US, recently disclosed a data breach impacting 7,537 individuals to the Maine Attorney General. The breach took place on April 24th, 2025.  

The Arkansas-based bank stated that the incident was the result of a technical glitch that enabled unauthorized account access. In response, the bank temporarily disabled some online banking functions while they resolved the issue. Services were restored on the afternoon of April 25th.

Accessed information included names, account numbers, account balances, and account activity. In response to the breach, Arvest Bank is offering complimentary credit monitoring and identity theft recovery services to impacted customers.

What was said

In their breach notification, Arvest stated “We recently experienced a brief technical issue during routine system updates late on Thursday, April 24. This issue temporarily allowed a limited number of customer accounts to be viewable by another customer during online banking…” 

The bank added that their team “quickly detected and resolved the matter, temporarily disabling some online functions until everything was fixed.” 

The big picture

Although this breach was accidental, personal account data was still compromised. The breach notice implies that only one customer was able to access other customer’s banking information. However, even one individual accessing data could potentially lead to fraud or theft. 

Even when handling routine site maintenance or updates, organizations must be diligent in their cybersecurity measures. Many threat actors are opportunistic and routinely seek out websites that have glitches or flaws in their security. While this breach was fairly minor, it shows that small mistakes can have big consequences. Even in an accidental breach, Arvest could still face class action lawsuits and government penalties if the incident was preventable.

FAQs

What should impacted indviduals do following a data breach? 

Those who received a notice should carefully monitor their credit statements. Individuals should also take advantage of free credit monitoring and identity theft recovery services. If an individual believes the incident has resulted in monetary or time loss, they can also pursue legal action. 

Were any threat actors involved in this breach?

The breach at Arvest was caused by a technical glitch, meaning that no one maliciously attempted to gain unauthorized access. However, even though the breach was accidental, Arvest still has to provide notifications to individuals and states that require it, like Maine.