Ransomware gang claims data breach at Mission Bank that exposed SSNs and account info

Ransomware group RansomHub today claimed responsibility for a December 2024 data breach at Mission Bank in California. The bank notified an undisclosed number of people that the following information was compromised:

• Names
• Social Security numbers
• Dates of birth
• Addresses
• Telephone numbers
• Driver’s license or other state-issued ID number
• Passport numbers
• Financial account numbers

Mission Bank’s December 31, 2024 notice (PDF) to victims states, “Mission Bank experienced a network security incident on December 2, 2024. An unauthorized party gained access to certain systems within our network despite our robust information security measures.”

RansomHub says it stole 2.7 TB of data on both employees and customers from the bank. The group threatened to release all documents if Mission Bank didn’t meet its demands.

Mission Bank has not verified RansomHub’s claim. We do not know if the bank paid a ransom, how much RansomHub demanded, or how attackers breached the bank’s systems. Comparitech contacted Mission Bank for comment and will update this article if it replies.

Mission Bank is offering victims free credit monitoring via CyberScout. The enrollment deadline is March 31, 2025.

Who is RansomHub?

RansomHub runs on a ransomware-as-a-service model in which affiliates pay to use the group’s malware and infrastructure to launch their own attacks and collect ransoms. RansomHub is behind high-profile attacks on Rite Aid, Christie’s auction house, Frontier Communications, and the Florida Department of Health. It first started posting organizations it hacked to its leak site in February 2024.

Since it began, RansomHub claimed 94 confirmed ransomware attacks that compromised more than 5.5 million records. It claimed another 478 unconfirmed attacks that have not been acknowledged by the targeted organizations.

Also in December 2024, RansomHub claimed attacks on Community Health Northwest Florida and Ecuadorian finance company Fondo Genesis.

Ransomware attacks on US finance

Ransomware attacks on finance companies can steal confidential data and lock down computer systems. They disrupt operations and often lead to data loss. Aside from data theft, ransomware often encrypts affected systems so they can’t be used until a ransom is paid to decrypt them. Ransomware groups demand additional ransom be paid in exchange for not selling or publicly releasing stolen data.

Comparitech researchers logged 54 confirmed ransomware attacks on US financial companies in 2024, compromising 34.4 million records. The average ransom demand was $1.05 million.

Other recent ransomware attacks on financial companies include:
– Mortgage Investors Group confirmed a December 2024 attack claimed by Black Basta
– Accounting firm LaMear & Rapert confirmed an October 2024 breach claimed by Qilin, compromising 4,062 records
– Accounting firm Iannuzzi, Manetta & Co. confirmed it was attacked by an unknown group in July 2024, compromising 25,845 records

About Mission Bank

Founded in 1998, Mission Bank primarily serves businesses the Bakersfield, California area, where it operates eight branches. It employs more than 50 people, according to its LinkedIn profile.