Main Street Bank’s parent company, MainStreet Bancshares, has disclosed a data breach affecting some of its customers. The breach happened in March 2025 via a third-party vendor used by the bank.
The company has filed a report with the SEC claiming “an outside vendor to the core bank had been compromised.” The incident involved hackers breaking into the now-terminated merchant’s payment card environment. After the breach was discovered, the company activated its incident response process, initially concluding that the impact was “likely not material.”
However, a follow-up review on April 28, 2025, revealed that the compromised system had leaked personally identifiable information of a small subset of the bank’s customer base, approximately 4.65 percent to be specific. The bank revealed that the leaked information includes card names, numbers, and expiration dates in a letter sent to affected individuals.
At the time of writing, there’s no evidence to suggest that more sensitive information like Social Security or bank account numbers has been leaked. The bank’s systems aren’t compromised or affected, and more importantly, no fraudulent transactions have yet been carried out.
Unlike the usual data breach case, Main Street Bank isn’t offering any credit monitoring or protection services to the affected individuals, or at least hasn’t mentioned them in the notification it sent out. The letter simply provides information on how affected individuals can reach out to credit monitoring agencies and protect themselves.
The information leaked isn’t complete, and if a hacker wants to use it for stealing money, they’re going to need your PIN or CVV code. However, it can still be used to target individuals in social engineering or phishing attacks to carry out identity or financial theft.
In the News: Whistleblower exposes Conti and TrickBot gang leader
