June 1, 2026
Community Bank: Employee's AI Chatbot Use Exposed SSNs
On May 7, 2026, a $1.46 billion Pennsylvania bank holding company told the SEC that an employee's use of an "unauthorized artificial intelligence-based software application" exposed customers' names, Social Security numbers, and dates of birth — a filing made just two days after the bank discovered it.
The story
On May 5, 2026, Community Bank — the Pennsylvania-chartered subsidiary of CB Financial Services, Inc. (Nasdaq: CBFV), serving Pennsylvania, Ohio, and West Virginia — discovered an employee had handled non-public customer data through an AI application it had never approved. Two days later, it told the SEC in a Form 8-K that the incident was material, confirming customer names, Social Security numbers, and dates of birth were exposed. Neither the bank nor the filing named the AI tool, and the investigation into scope and root cause was still ongoing.
Why business leaders should care
No attacker breached Community Bank's systems. By its own account, there was no malware, no exploited vulnerability, no disrupted accounts or payments. The exposure came from inside the building — someone doing their job, feeding SSNs and birth dates into a tool that probably felt like any other browser tab. That matters most for institutions in the $500M–$4B range, where compliance teams are built to catch wire fraud and ransomware, not to track which AI tools staff have quietly started using. The bank still had to notify regulators and file a public disclosure — the same regulatory and reputational cost as a traditional breach, triggered by a policy gap rather than a hacker. Higher education carries the same exposure anywhere staff handle FERPA-protected records or aid data.
Why technologists should care
This is "shadow AI" — employees using consumer-facing tools (a public chatbot, a free browser extension) outside the approved software list and outside any data processing agreement with the vendor. A public chatbot may log or reuse submitted text with no way to verify or claw it back, unlike a vetted enterprise deployment with contractual retention limits. The root failure isn't a coding flaw; it's missing controls — no DLP rule flagging SSN patterns leaving the network, no policy blocking unapproved AI domains, no logging to say what was submitted and when. That gap is likely why, five days in, the bank still couldn't say which tool was used or how many customers were affected.
Questions to bring back to your team
Do we know which AI tools our employees can reach from a work laptop or phone, sanctioned or not?
You can't manage a risk you haven't inventoried — right now this is a blind spot, not a controlled exposure. Examiners are starting to ask for an AI tool inventory as part of vendor and third-party risk reviews, and "we don't track that" won't satisfy a regulator asking how model risk is being managed. The gap between what IT has approved and what staff have actually installed or bookmarked is usually wider than leadership assumes.
If someone pasted customer or student data into a public AI chatbot today, could we prove what left our network?
Without DLP or logging on these tools, "we don't believe any data was retained" is a hope, not evidence an examiner will accept. In a materiality determination, the difference between knowing exactly what left and where it went, versus not being sure, changes both the disclosure timeline and how many people need to be notified. Most institutions can answer this question for a stolen laptop or a phished email account — very few can answer it for a chatbot tab.
Do we have a written AI acceptable-use policy, and has everyone who touches regulated data acknowledged it?
An unwritten expectation isn't something you're actually managing — it won't hold up as a defense if this happens here. A written policy with documented acknowledgment gives you something concrete to point to if a regulator or plaintiff's attorney asks what the institution did to prevent this. It also gives employees a sanctioned alternative, so the instinct to reach for a public tool doesn't fill a vacuum no one addressed.
If we had to disclose an AI-related incident tomorrow, do we know our notification timeline and who makes the call?
Community Bank went from discovery to public materiality determination in two days — that speed only happens when the path is set in advance. Waiting until an incident occurs to figure out who owns the materiality call, which regulators get notified first, and what the public statement says invites delay at exactly the moment speed matters most. A pre-built escalation path turns a scramble into a checklist.
Sources
This article was prepared by Erus Consulting using more than one AI model to assist with research, drafting, and editorial refinement. Erus Consulting provided editorial direction, reviewed the source material, shaped the final analysis, and approved the article before publication.
Get started
Want help translating a story like this for your institution?
A 30-minute conversation. Not a sales pitch.
Schedule a discovery call