Third-Party vendor breach compromises data of nearly 45,000 Norway Savings Bank customers

Norway Savings Bank, a community financial institution based in Maine, is reporting a security incident that potentially exposed the personal information of approximately 44,259 customers. The breach occurred on August 14, 2025, when an attacker obtained access to certain portions of a third-party data services provider's environment that handled customer data for the bank. 

NSB claims that the incident did not involve the nank's internal systems, and the bank's infrastructure remained secure. The investigation was concluded on October 27, 2025, and confirmed breach confirmed access to customer data. The compromised data includes: 

• Names
• Addresses
• Dates of birth
• Social Security numbers
• Tax identification numbers
• Financial account information

As of October 27, 2025. Norway Savings Bank began notifying affected customers. The institution is providing complimentary credit monitoring and identity theft protection services to all individuals whose information may have been compromised. 

The bank has also used its existing 24-hour fraud monitoring system, which examines every transaction for fraudulent activity and suspicious patterns, to provide enhanced surveillance of customer accounts.