2023-04-21 MIDDLEFIELD BANC CORP Cybersecurity Incident

Page last updated on April 11, 2024

MIDDLEFIELD BANC CORP initially disclosed a cybersecurity incident in an SEC 8-K filing on 2023-04-21 17:03:00 EDT.

Company Summary

The Middlefield Banking Company (“MBC”). MBC is a full-service community bank offering a wide range of banking services to individuals and small businesses that fit the individual needs of its Central, Western and Northeast Ohio communities. MBC operates 21 full-service banking centers and an LPL Financial® brokerage office serving Ada, Beachwood, Bellefontaine, Chardon, Cortland, Dublin, Garrettsville, Kenton, Mantua, Marysville, Middlefield, Newbury, Orwell, Plain City, Powell, Solon, Sunbury, Twinsburg, and Westerville. The Bank also operates a Loan Production Office in Mentor, Ohio.
Source: Middlefield Bank

Incident Details

Material: Unknown
Is Breach: Unknown
Records Compromised: Unknown
Data Types Impacted: No Data Types Tracked (yet)

Compromised Date:
Detected Date:
Disclosure Date: 2023-04-21
Contained Date:
Recovered Date:

Attack Goal: Unknown

Costs: No Costs Tracked (yet)

Filings

8-K filed on 2023-04-21

MIDDLEFIELD BANC CORP filed an 8-K at 2023-04-21 17:03:00 EDT
Accession Number: 0001193125-23-110661

Item 8.01 Other Events.

On April 12, 2023, Middlefield Banc Corp. (the “Company”) learned of a cyber-attack that resulted in a disruption to the computer systems of The Middlefield Banking Company (the “Bank”), the Company’s banking subsidiary. The Bank took immediate action to remediate the security vulnerability and retained a cybersecurity firm to investigate the nature and scope of the incident, evaluate systems and identify solutions, and confirm what data has been impacted by this event, if any. The Bank also notified law forcement. The Bank’s products and services are fully operational. The Bank has placed additional security measures in place and will continue to actively monitor any suspicious activity. The investigation is on-going at this time, including confirming what, if any, customer data has been impacted by this event.

We have incurred expenses to investigate and remediate the cyber-attack and expect to continue to incur expenses. The Bank has retained special legal counsel. Although cyber-attacks can be unpredictable, the Company does not currently expect this incident will have a material impact on its business operations or its financial results.

8-K filed on 2023-12-21

MIDDLEFIELD BANC CORP filed an 8-K at 2023-12-21 06:01:54 EST
Accession Number: 0001193125-23-300259

Item 8.01 Other Events.

As previously disclosed on April 21, 2023, Middlefield Banc Corp. (the “Company”) learned of a cyber-attack that resulted in a disruption to the computer systems of The Middlefield Banking Company (the “Bank”), the Company’s banking subsidiary. The Bank took immediate action to remediate the security vulnerability and retained a cybersecurity firm to investigate the nature and scope of the incident, evaluate our systems, identify solutions, and confirm what data had been impacted by this event, if any. The Bank also notified law forcement.

Our forensic review has determined that nonpublic information relating to current and former employees, customers and others was obtained from our systems during this incident. While the information varies by individual, some of the types of information that may have been obtained include name, Social Security number, driver’s license information, date of birth, financial account information, medical information, passport number, payment card information, and username and password. We have begun notifying all potentially impacted individuals in accordance with applicable law. The Bank is also notifying regulatory authorities in accordance with applicable law. We will offer complimentary identity protection services to all potentially impacted individuals.

The Company does not believe the incident will have a material adverse effect on its business, operations, or financial results. The Company remains subject to risks and uncertainties due to the incident, including potential litigation, changes in customer behavior, and additional regulatory scrutiny.

Company Information