Bask Bank has sent out a letter to account holders informing them that on April 27, 2026 they identified and responded to ‘an isolated security incident’. They go on to say that they have no evidence that individuals information was targeted or misused but that account holders names and social security number were included. They are offering a 24 month membership to Experian’s IdentityWorks product for free.
The letter itself is confusing and light on details, it’s also frustrating that Bask Bank doesn’t have any information on their website confirming this information is correct. In fact the Bask Bank newsroom only includes positive articles with the most recent being from 2024.
Several things are unclear:
- How long was information accessible for? Bask Bank just states they identified on April 27, 2026.
- They say there is no evidence that information was targeted or misused, but that social security numbers were included. Does this mean they didn’t detect any of this information being accessed but it was available for attackers?
- If they were fixed the issue on April 27, why are they only telling account holders about this issue now?
Many readers have Bask Bank accounts as they earn American Airline miles. We’ve said it before but we will say it again, until the punishment for data breaches is increased it will continue to happen at an alarming rate. Even simple things like having to notify customers immediately would be a step in the right direction.
Hat tip to reader Woori
