KeyBank reports third party data breach
Learn More
KeyBank is reporting a data breach stemming from a security incident at their third-party vendor, Wong Fleming, P.C., a law firm providing asset recovery services.
KeyBank, headquartered in Cleveland, Ohio, is a regional financial services institution operating as a subsidiary of KeyCorp. The bank offers banking, lending, and investment solutions across the United States. Wong Fleming, P.C. is a Princeton, New Jersey-based full-service law firm offering various legal services, including litigation, corporate law, and compliance services for businesses, financial institutions, and government entities.
The incident was initially discovered on January 16, 2025, when Wong Fleming detected unauthorized remote access to their network. The breach affected Wong Fleming's systems and did not compromise KeyBank's direct infrastructure.
KeyBank performed a review of the compromised files to identify affected individuals and the scope of exposed information. The breach exposed customer information, including:
- Names
- Addresses
- Birth dates
- Social Security numbers
- Phone numbers
- Email addresses
- Driver's license numbers
- Account numbers
The number of affected individuals is not disclosed.
The bank has begun sending notification letters to affected individuals. These letters contain personalized information detailing the specific data elements compromised for each recipient.
