Great Plains Bank notifies 7K+ people of data breach that compromised SSNs

Great Plains Bank Corporation, the parent company of Great Plains National Bank, yesterday confirmed it notified 7,767 people about a November 2024 data breach that compromised names and Social Security numbers.

Ransomware gang Akira claimed responsibility for the attack on December 16, 2024, saying it stole 18 GB of data from Great Plains National Bank. The group further claims to have stolen “internal corporate documents including: NDAs, driver licenses, contact numbers, and email addresses of employees and customers.”

Great Plains Bank, which says it discovered the breach on November 21, 2024, has not verified Akira’s claim. We do not yet know if Great Plains Bank paid a ransom, how much Akira demanded, or how attackers breached the bank’s network. Comparitech contacted Great Plains Bank for comment and will update this article if it replies.

“The investigation so far indicates that some of your personal information may have been accessed by an unauthorized party as early as November 2024,” Great Plains Bank’s notice to victims says.

The bank is offering eligible victims free identity theft protection through Experian. The deadline to enroll is May 30, 2025.

Who is Akira?

Akira is a ransomware gang that first emerged in March 2023. Its targets span education, finance, manufacturing, real estate, and healthcare. It often extorts victims twice: once in exchange for a decryption key to restore systems, and again in exchange for not selling or publicly releasing stolen confidential data.

Akira has claimed 114 confirmed ransomware attacks since it began adding victims to its data leak site, plus another 441 claims that were not confirmed by the targeted organizations. Of those, eight confirmed and 193 unconfirmed claims were made since November 2024, showing a sharp uptick in ransom demands.

Akira’s other recently confirmed victims include Vicky Foods (Spain) and the Laramie County, WY library system.

Confirmed Akira attacks have compromised more than 806,000 individual records, and come with an average ransom demand of $900,000.

Ransomware attacks on US finance

Ransomware attacks on banks and other financial institutions can steal confidential data and lock down computer systems. Banks must either pay a ransom to restore their data or face extended downtime, data loss, and putting customers and/or staff at increased risk of fraud.

Comparitech researchers logged 56 confirmed ransomware attacks on US banks and other financial companies in 2024, compromising more than 34.4 million records. The number of attacks fell from 2023, but the number of records compromised increased.

Other recent such attacks include those on Mortgage Investors Group (Black Basta); Mission Bank (RansomHub); and Black, Bashor, & Porsche (LeakedData).

We’re tracking another 31 claims made in 2025 so far, but none have been confirmed yet.

About Great Plains Bank Corporation

Great Plains Bank Corporation is the parent company of Great Plains National Bank. It operates about two dozen branches in Texas and Oklahoma, mostly around Dallas and Oklahoma City.