What happened in the PNC Financial Services cyberattack?

PNC Financial Services, a Pennsylvania-based bank operating 2,200 branches nationwide, was hit by a cyberattack that compromised sensitive personal information of customers. The breach occurred on or around September 2025 when an unauthorized actor gained access to files containing sensitive customer data.

What is PNC's official response to the cyberattack claims?

PNC has officially acknowledged an internal error where client information was improperly provided to another client without authorization, and also acknowledged that unauthorized individuals accessed its IT network. However, the bank disputes Market Exchange's claims and maintains that the internal disclosure and the dark web claims are unrelated incidents.

What types of sensitive data were exposed in the PNC breach?

The exposed data includes names, addresses, account numbers, and Social Security numbers of PNC customers. The nature of the attack and the exact number of affected individuals has not been disclosed by the bank.

How many PNC customers were potentially affected by this breach?

The cybercriminal group Market Exchange claims to have acquired 740,000 PNC customer records, but PNC disputes this claim. The bank has not disclosed the actual number of affected individuals, and the exact scope of the breach remains unclear.

When did PNC notify customers about the data breach?

PNC sent notifications to affected customers on September 10, 2025, just three days after the cybercriminal group Market Exchange made their public claims about having acquired the stolen customer records.

What should PNC customers do if they believe they were affected?

Affected PNC customers should monitor their accounts closely for any unauthorized activity, take advantage of the free credit monitoring services offered by the bank, and be aware that additional authentication may be required for certain transactions due to the enhanced security alerts placed on their accounts.

Incident

Hackers claim breach of PNC Financial Services, the bank denies

Q: What protection measures is PNC providing to affected customers?

PNC Financial Services has placed alerts on affected accounts that will remain active for six months, requiring additional authentication for transactions conducted in branches or through the Customer Care Center. The bank is also offering one year of free Experian IdentityWorks credit monitoring services to impacted account holders.

published: Sept. 26, 2025

Learn More

Hackers claim breach of PNC Financial Services, a Pennsylvania-based bank operating 2,200 branches nationwide.

The alleged breach occurred on or around September 2025 when an unauthorized actor gained access to files containing sensitive customer data. The cybercriminal group Market Exchange publicly claimed on September 7, 2025, that it had acquired the stolen records and plans to sell the complete database of 740,000 PNC customer records.

PNC has officially acknowledged an internal error where client information was improperly provided to another client without authorization, but the bank disputes claims by cybercriminal group Market Exchange about having stolen data for sale on dark web marketplaces.

PNC sent notifications to customers on September 10, 2025. PNC Financial Services placed alerts on affected accounts that will remain active for six months, requiring additional authentication for transactions conducted in branches or through the Customer Care Center, and is offering one year of free Experian IdentityWorks credit monitoring services to impacted account holders.

Update - We have updated the post to link to the denial of PNC bank about the breach claims

Hackers claim breach of PNC Financial Services, the bank denies

Read More
Orbit Chain hacked, 81 million dollars stolen but …
PayPal Discloses Six-Month Data Exposure Caused by Software …
Edelman Financial Engines Data Breach Exposes Social Security …
Cornerstone Home Lending reports data breach
Irish financial company FDC Group reports data breach