The cyberattack, which happened in March, affected about 4.65% of MainStreet Bank’s customers. While the exact number of customers is unknown, the bank reported $1.9 billion in deposits and $135 million in revenue last year. MainStreet Bank operates six branches in Virginia and Washington, D.C., and runs around 55,000 ATMs. It also serves more than 1,000 businesses through its on-site banking service, “Put Our Bank in Your Office.”
Importantly, the bank confirmed that its own systems were not breached, and there were no unauthorized transactions. The attack didn’t affect the bank’s operations or finances.
Once alerted to the breach, MainStreet Bancshares activated its incident response plan and cut ties with the vendor. Impacted customers were notified on May 26 and given tools to monitor for suspicious activity.
This incident highlights how third-party vendors can be weak points in cybersecurity, even for well-prepared organizations.
The timing of the breach also ties into a wider debate in the U.S. banking industry over cybersecurity rules. A regulation called Item 1.05, which took effect in December 2023, requires public companies to report major cyber incidents in SEC Form 8-K filings.
Banking industry groups—including the American Bankers Association and Independent Community Bankers of America—recently sent an open letter asking the SEC to drop the rule. They argue it causes confusion, forces premature public disclosures before investigations are complete, and could even help cybercriminals in extortion efforts.
So far, 221 companies have reported cybersecurity issues under this rule.
The banking groups said the rule doesn’t give investors useful information and adds unnecessary risk and cost. They’ve offered to work with the SEC to create better guidelines that protect both investors and national security.
For now, MainStreet Bancshares continues to monitor the situation and support affected customers.