Frost Bank Hit With Class-Action Lawsuits Over Data Breach Affecting More Than 100,000 Customers
None
<h2>What happened</h2><p>Frost Bank, San Antonio’s largest bank, is facing two proposed class-action lawsuits following a cyberattack attributed to the Everest ransomware group that allegedly exposed the sensitive personal data of an estimated 109,000 customers. The bank has not publicly confirmed the scope of the breach or reported it to the Texas Attorney General’s Office, which tracks disclosures required under state law within 30 days of discovery for breaches affecting 250 or more residents.</p><p>Frost Bank has acknowledged being notified by a third-party vendor of unauthorized access to the vendor’s systems that may have included Frost customer data. The bank stated there is no evidence of unauthorized access to the Frost network itself and that early findings suggest the incident may be related to recent claims made by cybercriminals. Outside cybersecurity experts have been engaged to assist with the investigation.</p><p>The lawsuits characterize the incident differently, alleging that hackers accessed Frost customer data and may have stolen hundreds of gigabytes of information including Social Security numbers, financial account details, and contact information. The complaints accuse the bank of failing to implement adequate cybersecurity measures and of delaying notification to affected customers. Each suit seeks more than $1 million in damages. Everest, the group linked to the attack, is described by federal health officials as targeting US organizations and operating within Russian-speaking cybercriminal networks.</p><h2>Who is affected</h2><p>An estimated 109,000 Frost Bank customers face potential exposure of Social Security numbers, financial account information, and contact details, based on the lawsuit filings. The bank has not independently confirmed that figure or issued public notification. Customers who have not yet received direct notification remain in an uncertain position regarding the scope and nature of their exposure.</p><h2>Why CISOs should care</h2><p>The Frost Bank situation presents a pattern that security and legal teams at financial institutions should examine closely. A third-party vendor breach became the entry point for a claimed large-scale customer data exposure, the bank’s characterization of the incident differs significantly from the lawsuits’ allegations, and the absence of a Texas AG disclosure despite state law requirements adds a regulatory dimension to what is already a litigation-heavy situation.</p><p>For security leaders, the third-party vendor angle is the most operationally relevant. Frost Bank’s position that its own network was not breached does not reduce the exposure of customer data held or processed by a vendor. The legal and reputational consequences fall on the institution regardless of where the breach occurred.</p><h2>3 practical actions</h2><ol> <li><strong>Audit what customer data, including Social Security numbers and financial account details, is accessible to third-party vendors and under what security requirements:</strong> The Frost Bank incident followed a vendor breach rather than a direct network intrusion. Map which vendors hold or can access sensitive customer data and confirm that contractual security requirements, access controls, and audit rights are proportional to the sensitivity of that data.</li> <li><strong>Review state breach notification obligations and ensure disclosure timelines are tracked from the moment a vendor notifies you of a potential incident:</strong> Texas law requires notification within 30 days for breaches affecting 250 or more residents. The clock on that obligation does not wait for a forensic investigation to conclude. Establish internal protocols that trigger the notification assessment immediately upon receiving a vendor breach notification, not after the investigation is complete.</li> <li><strong>Prepare for litigation as a parallel workstream when a breach involves third-party vendor exposure:</strong> The Frost Bank lawsuits were filed before the bank had publicly confirmed the scope or nature of the breach. Legal counsel, document preservation, and communications management should be activated in parallel with forensic investigation whenever a potential breach involves customer PII at scale.</li> </ol><div data-test-render-count="1"> <div class="group"> <div class="contents"> <div class="group relative relative pb-3" data-is-streaming="false"> <div class="font-claude-response relative leading-[1.65rem] [&_pre>div]:bg-bg-000/50 [&_pre>div]:border-0.5 [&_pre>div]:border-border-400 [&_.ignore-pre-bg>div]:bg-transparent [&_.standard-markdown_:is(p,blockquote,h1,h2,h3,h4,h5,h6)]:pl-2 [&_.standard-markdown_:is(p,blockquote,ul,ol,h1,h2,h3,h4,h5,h6)]:pr-8 [&_.progressive-markdown_:is(p,blockquote,h1,h2,h3,h4,h5,h6)]:pl-2 [&_.progressive-markdown_:is(p,blockquote,ul,ol,h1,h2,h3,h4,h5,h6)]:pr-8"> <div> <div class="standard-markdown grid-cols-1 grid [&_>_*]:min-w-0 gap-3 standard-markdown"> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">Also in the news today:</p> <ul class="[li_&]:mb-0 [li_&]:mt-1 [li_&]:gap-1 [&:not(:last-child)_ul]:pb-1 [&:not(:last-child)_ol]:pb-1 list-disc flex flex-col gap-1 pl-8 mb-3"> <li class="whitespace-normal break-words pl-2"><a class="underline underline underline-offset-2 decoration-1 decoration-current/40 hover:decoration-current focus:decoration-current" href="https://cisowhisperer.com/ubuntu-and-canonical-web-services-hit-by-ddos-attack/">Ubuntu and Canonical Web Services Hit by DDoS Attack</a></li> <li class="whitespace-normal break-words pl-2"><a class="underline underline underline-offset-2 decoration-1 decoration-current/40 hover:decoration-current focus:decoration-current" href="https://cisowhisperer.com/microsoft-defender-mistakenly-flags-digicert-root-certificates-as-malware/">Microsoft Defender Mistakenly Flags DigiCert Root Certificates as Malware</a></li> <li class="whitespace-normal break-words pl-2"><a class="underline underline underline-offset-2 decoration-1 decoration-current/40 hover:decoration-current focus:decoration-current" href="https://cisowhisperer.com/threat-actors-use-ai-to-automate-zero-day-discovery-and-exploitation-at-machine-speed/">Threat Actors Use AI to Automate Zero-Day Discovery and Exploitation at Machine Speed</a></li> <li class="whitespace-normal break-words pl-2"><a class="underline underline underline-offset-2 decoration-1 decoration-current/40 hover:decoration-current focus:decoration-current" href="https://cisowhisperer.com/salt-typhoon-suspected-in-breach-of-ibm-italy-subsidiary-managing-public-infrastructure/">Salt Typhoon Suspected in Breach of IBM Italy Subsidiary Managing Public Infrastructure</a></li> <li class="whitespace-normal break-words pl-2"><a class="underline underline underline-offset-2 decoration-1 decoration-current/40 hover:decoration-current focus:decoration-current" href="https://cisowhisperer.com/sandhills-medical-foundation-ransomware-breach-draws-class-action-investigation-nearly-a-year-later/">Sandhills Medical Foundation Ransomware Breach Draws Class Action Investigation Nearly a Year Later</a></li> <li class="whitespace-normal break-words pl-2"><a class="underline underline underline-offset-2 decoration-1 decoration-current/40 hover:decoration-current focus:decoration-current" href="https://cisowhisperer.com/telegram-mini-apps-abused-for-crypto-scams-and-android-malware-delivery/">Telegram Mini Apps Abused for Crypto Scams and Android Malware Delivery</a></li> </ul> </div> </div> </div> </div> </div> <div class="flex justify-start" role="group" aria-label="Message actions"> <div class="text-text-300"> <div class="text-text-300 flex items-stretch justify-between"> <div class="w-fit" data-state="closed"></div> </div> </div> </div> </div> </div><p>The post <a rel="nofollow" href="https://cisowhisperer.com/frost-bank-hit-with-class-action-lawsuits-over-data-breach-affecting-more-than-100000-customers/">Frost Bank Hit With Class-Action Lawsuits Over Data Breach Affecting More Than 100,000 Customers</a> appeared first on <a rel="nofollow" href="https://cisowhisperer.com/">CISO Whisperer</a>.</p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/05/frost-bank-hit-with-class-action-lawsuits-over-data-breach-affecting-more-than-100000-customers/" data-a2a-title="Frost Bank Hit With Class-Action Lawsuits Over Data Breach Affecting More Than 100,000 Customers"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Ffrost-bank-hit-with-class-action-lawsuits-over-data-breach-affecting-more-than-100000-customers%2F&linkname=Frost%20Bank%20Hit%20With%20Class-Action%20Lawsuits%20Over%20Data%20Breach%20Affecting%20More%20Than%20100%2C000%20Customers" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Ffrost-bank-hit-with-class-action-lawsuits-over-data-breach-affecting-more-than-100000-customers%2F&linkname=Frost%20Bank%20Hit%20With%20Class-Action%20Lawsuits%20Over%20Data%20Breach%20Affecting%20More%20Than%20100%2C000%20Customers" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Ffrost-bank-hit-with-class-action-lawsuits-over-data-breach-affecting-more-than-100000-customers%2F&linkname=Frost%20Bank%20Hit%20With%20Class-Action%20Lawsuits%20Over%20Data%20Breach%20Affecting%20More%20Than%20100%2C000%20Customers" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Ffrost-bank-hit-with-class-action-lawsuits-over-data-breach-affecting-more-than-100000-customers%2F&linkname=Frost%20Bank%20Hit%20With%20Class-Action%20Lawsuits%20Over%20Data%20Breach%20Affecting%20More%20Than%20100%2C000%20Customers" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Ffrost-bank-hit-with-class-action-lawsuits-over-data-breach-affecting-more-than-100000-customers%2F&linkname=Frost%20Bank%20Hit%20With%20Class-Action%20Lawsuits%20Over%20Data%20Breach%20Affecting%20More%20Than%20100%2C000%20Customers" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://cisowhisperer.com">CISO Whisperer</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Evan Rowe">Evan Rowe</a>. Read the original post at: <a href="https://cisowhisperer.com/frost-bank-hit-with-class-action-lawsuits-over-data-breach-affecting-more-than-100000-customers/?utm_source=rss&utm_medium=rss&utm_campaign=frost-bank-hit-with-class-action-lawsuits-over-data-breach-affecting-more-than-100000-customers">https://cisowhisperer.com/frost-bank-hit-with-class-action-lawsuits-over-data-breach-affecting-more-than-100000-customers/?utm_source=rss&utm_medium=rss&utm_campaign=frost-bank-hit-with-class-action-lawsuits-over-data-breach-affecting-more-than-100000-customers</a> </p>