Bask Bank has sent a letter to account holders informing them that on April 27, 2026 they identified and responded to “an isolated security incident.” They go on to say they have no evidence that individuals’ information was targeted or misused, but that account holder names and social security numbers were included. They are offering a 24-month membership to Experian’s IdentityWorks product for free.
The letter itself is confusing and light on details, it is also disappointing that Bask Bank has no information on their website confirming that this information is correct. In fact, Editorial office of the Basque Bank includes only positive articles with the latest from 2024.
A few things are unclear:
- How long was the information available? Bask Bank just declares that they are identified on April 27, 2026.
- They say there is no evidence the information was targeted or misused, but that social security numbers were included. Does this mean that they did not disclose any of this accessed information, but it was available to attackers?
- If they fixed the problem on April 27th, why are they only telling account holders about this problem now?
Many readers have Basque Bank accounts while earning American Airline miles. We’ve said it before, but we’ll say it again, until the penalty for data breaches is increased, it will continue to happen at an alarming rate. Even simple things like notifying customers immediately would be a step in the right direction.
Hat tip to the reader Woori
