Update 4/23/24 11:40am: Centennial Bank Regional President Davy Carter did not answer any of the questions posed by JonesboroRightNow following his meeting with bank officials at the bank’s headquarters in Conway. In a text message, Carter wrote “Referring you to the notice on our website www.my100bank.com and the letters that we sent out (to customers).” In that letter, the bank has offered customers a complimentary one-year subscription to a fraud monitoring service. There is a limited time for customers to utilize an activation code that is included with the letter.
Previously
Jonesboro, AR – (JonesboroRightNow.com) – April 22, 2024 – Centennial Bank, a financial institution based in Conway with 222 branches in Arkansas, Alabama, Florida, Texas, and New York City, revealed Friday it was the victim of what it is referring to as a “data security incident” that happened over a year ago.
The incident on April 6-7, 2023 resulted in a system-wide shutdown. Online banking was at a standstill; Centennial customers could not use their cards at ATMs; bank cards were being declined in stores; branches were not able to accept deposits or complete withdrawals; bills that were supposed to be auto-debited were being declined; and payroll checks that were supposed to be direct-deposited were not.
As a result, social media blew up about the problems. This image is a screenshot of Facebook activity dated April 7, 2023, referencing the incident:
Centennial customers were reportedly able to access their accounts and banking returned to normal early the following week (week of 4/10/23).
Until now, there has been no official explanation as to what transpired.
Centennial published the following explanation of the “data security incident” to its website on Friday (4/19/24), over a year after the initial event:
Centennial’s computer network was temporarily accessed without permission in April 2023. Although there was no identified impact or access to customer transactional systems, certain files were copied from other portions of the computer network on or about April 6-7th. In response, we promptly commenced analyzing the activity while methodically containing the network to ensure its security. Our investigation included the assistance of cyber security specialists to assist in determining the nature and scope of the activity. Following the investigation, we completed a thorough programmatic and manual review of the files. On or about March 29, 2024, we completed this review and determined the scope of information present in the relevant files, and potentially accessed without authorization.
Although the data in the relevant files varies by individual, it may include name, Social Security number, government-issued identification number, financial account and/or credit/debit card information, health insurance information, medical information, username/email and password and/or other personal information.
Centennial takes this incident and the security of information within our care very seriously. Upon discovering this incident, we launched an in-depth investigation to determine the full nature and scope of the incident and moved quickly to assess the security of our systems and notify potentially affected individuals. As part of our ongoing commitment to the privacy of information within our care, we continually monitor and address technical security measures.
We encourage individuals to remain vigilant against incidents of identity theft and fraud by reviewing account statements and monitoring free credit reports for suspicious activity and to detect errors over the next 12 to 24 months. Individuals may also review the following section Steps You Can Take to Help Protect Your Personal Information for additional guidance to better protect against the possibility of identity theft and fraud. We also encourage individuals to enroll in the complimentary credit monitoring services offered.
If you have questions, please call our dedicated assistance line at (888) 680-9935, which is available Monday through Friday from 7:00 a.m. to 7:00 p.m., and Saturday from 8:00 a.m. to 2 pm Central Time.
A spokesperson for the bank said a letter containing the same basic information was mailed to customers on Friday.
Why did it take over a year for Centennial to notify its customers about the breach? JonesboroRightNow has put that question, and several other questions about the incident, to Davy Carter, Regional President for Centennial Bank, based in Jonesboro. Carter said today he has referred our questions to another department within the company. He is having a meeting with members of that department Tuesday morning and says he will provide what information he can at that time.
We asked the Arkansas State Bank Commission if there are any regulations that specify how quickly a bank must notify customers of a breach that might put their personal information at risk. Deputy Bank Commissioner John W. Ahlen, IV referred to Arkansas Code Annotated § 4-110-105, “Disclosure of security breaches,” which reads:
(a)(1) Any person or business that acquires, owns, or licenses computerized data that includes personal information shall disclose any breach of the security of the system following discovery or notification of the breach of the security of the system to any resident of Arkansas whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. (2) The disclosure shall be made in the most expedient time and manner possible and without unreasonable delay, consistent with the legitimate needs of law enforcement as provided in subsection (c) of this section, or any measures necessary to determine the scope of the breach and to restore the reasonable integrity of the data system.
(b)(1) A person or business that maintains computerized data that includes personal information that the person or business does not own shall notify the owner or licensee that there has been a breach of the security of the system immediately following discovery if the personal information was, or is reasonably believed to have been, acquired by an unauthorized person. (2) If a breach of the security of a system affects the personal information of more than one thousand (1,000) individuals, the person or business required to make a disclosure of the security breach under subdivision (b)(1) of this section shall, at the same time the security breach is disclosed to an affected individual or within forty-five (45) days after the person or business determines that there is a reasonable likelihood of harm to customers, whichever occurs first, disclose the security breach to the Attorney General.
Centennial Bank is owned by Home BancShares, Inc., a bank holding company, headquartered in Conway.
According to the website jdsupra.com, on January 8, 2024, Centennial Bank filed a notice of data breach with the Attorney General of Texas after “discovering that information that had been provided to the company was subject to unauthorized access.” In this notice, Centennial Bank explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, addresses and financial account information.
It is unclear if the data breach referenced in Texas was related to the data security incident revealed Friday.
On April 28, 2023, three weeks after the then-undisclosed breach occurred, Centennial Bank was named by Forbes to be #15 among the World’s Best Banks in 2023.
It was the fourth consecutive year for Centennial to make the list.