News
Frost Bank data breach: what happened and what's at risk
BlogBreachesResourcesNews
Frost Bank data breach: what happened and what's at risk

Frost Bank data breach: what happened and what's at risk

UpGuard Team
UpGuard Team
May 20, 2026

Key facts: Frost Bank data breach

  • Date occurred: December 1, 2025
  • Date discovered: April 16, 2026
  • Date reported: May 20, 2026
  • Target entity: Frost Bank
  • Source of breach: Unknown, unauthorized third-party via Sefas Innovation
  • Data types: Names, addresses, Social Security numbers, taxpayer identification numbers, account numbers, dates of birth, loan numbers, tax information forms, bill pay check images
  • Status: Confirmed; reported on May 20, 2026.
  • Severity: Medium; the exposure of sensitive financial identifiers and Social Security numbers significantly increases the risk of identity theft and fraudulent account activity for affected customers.

What happened in the Frost Bank data breach?

Frost Bank (frostbank.com) was affected by a third-party data breach originating from Sefas Innovation, a provider of document composition and software development services. The incident was publicly reported on May 20, 2026, after Sefas discovered that an unauthorized group had gained access to its secure file transfer protocol (SFTP) server used for software support. While no specific threat actor has been identified, the breach involved the intermittent download of files containing Frost Bank customer data over a period of several months.

Forensic investigations revealed that the unauthorized access occurred between December 2025 and April 2026. The compromised files included highly sensitive information such as Social Security numbers, tax forms, and bill pay check images. This incident is classified as medium severity due to the exposure of financial account details and personal identifiers, which are often targeted for fraud. The breach underscores the critical security risks inherent in third-party software support environments and the importance of securing file transfer systems. Typical risks following such incidents include targeted phishing and financial exploitation.

Who is behind the incident?

The attacker or cause of the incident has not been identified.

Impact and risks for Frost Bank customers

The Frost Bank data breach poses significant risks to affected customers, particularly regarding identity theft and financial fraud. With Social Security numbers, account numbers, and loan details exposed, malicious actors may attempt to open fraudulent accounts or gain unauthorized access to existing banking services. Furthermore, the exposure of names and addresses makes customers vulnerable to sophisticated phishing campaigns, where attackers pose as legitimate bank representatives to solicit further sensitive information.

To mitigate these risks, affected individuals should closely monitor their financial statements and credit reports for any unauthorized activity. Implementing a credit freeze and enabling multi-factor authentication (MFA) on all financial accounts are effective protective measures. Frost Bank customers are encouraged to remain vigilant against unsolicited communications. Maintaining transparency regarding third-party vulnerabilities is essential for helping consumers protect their personal and financial well-being.

How to protect against similar security incidents

In light of the Frost Bank breach involving Sefas Innovation, customers and organizations should take immediate steps to secure sensitive financial data and monitor for signs of identity theft.

  • Monitor credit and financial accounts. Regularly review bank and loan statements for any unrecognized transactions or changes. Enroll in a credit monitoring service to receive real-time alerts about new credit inquiries or accounts. Consider placing a security freeze on your credit reports to prevent unauthorized accounts from being opened.
  • Protect sensitive personal identifiers. Since Social Security numbers were compromised, be extra vigilant for signs of identity fraud. Enable phishing-resistant multi-factor authentication (MFA) on all banking and email accounts. Use a dedicated password manager to ensure unique, complex passwords for every financial service you use.
  • Implement third-party risk management. Organizations should conduct frequent security audits of third-party vendors and software support channels. Monitor secure file transfer protocol (SFTP) servers for unusual access patterns or unauthorized downloads. Deploy continuous attack surface management tools to identify and remediate vulnerabilities within the supply chain.

Taking proactive security measures and staying informed are the best defenses against the long-term risks of a data breach.

Frequently asked questions

What happened in the Frost Bank security breach?

On May 20, 2026, Frost Bank (frostbank.com) disclosed a security breach. According to initial reports, a third-party software provider, Sefas Innovation, experienced unauthorized access to its SFTP server, leading to the exposure of Frost Bank customer files including tax forms and account numbers.

When did the Frost Bank breach occur?

The Frost Bank breach was publicly reported on May 20, 2026. The exact date of the attack has not been disclosed, though unauthorized access occurred intermittently between December 2025 and April 2026.

What data was exposed?

The incident exposed highly sensitive customer information, including names, addresses, Social Security numbers, taxpayer identification numbers, account numbers, dates of birth, loan numbers, tax information forms, and bill pay check images.

Is my personal information at risk?

If you interacted with Frost Bank, there's a possibility your personal information could be affected. Similar incidents often involve email addresses, login details, or financial records. Stay alert for updates and take precautionary measures to secure your accounts.

What steps should companies take after being breached?

Frost Bank and its partner Sefas Innovation have worked to secure systems, notify affected individuals, and provide guidance on protective actions. They are also reviewing security measures and deploying attack surface management to help prevent similar third-party incidents in the future.

This cybersecurity news article is powered by UpGuard Breach Risk — continuous attack surface monitoring for your organisation and supply chain.

How secure is Frost Bank?

Frost Bank operates as a full-service financial institution providing personal and business banking services, including checking and savings accounts, mortgage loans, wealth management, treasury management, and commercial lending. The company serves customers throughout Texas through its network of financial centers and digital banking platforms.
  • Check icon
    View our free preliminary report on Frost Bank’s security posture
  • Check icon
    13 risk factors, including email security, SSL, DNS health, open ports and common vulnerabilities
View Frost Bank's score
View score
https://www.frostbank.com
Security ratings
Deliver icon

Sign up for our newsletter

UpGuard's monthly newsletter cuts through the noise and brings you what matters most: our breaking research, in-depth analysis of emerging threats, and actionable strategic insights.

Latest news

Stay up-to-date with the latest news in cybersecurity.
Lusamerica data breach exposes individual names

Lusamerica data breach exposes individual names

A data breach involving Lusamerica was reported in May 2026. See incident details, impact on customers, and recommended security measures.
UpGuard Team
UpGuard Team
May 18, 2026
Caesars Entertainment data breach: key facts and what we know so far

Caesars Entertainment data breach: key facts and what we know so far

A data breach involving Caesars Entertainment was reported in May 2026. See incident details, impact on customers, and recommended security measures.
UpGuard Team
UpGuard Team
May 19, 2026
Texas Tech University hit by data breach involving ShinyHunters

Texas Tech University hit by data breach involving ShinyHunters

A data breach involving Texas Tech University was reported in May 2026. See incident details, impact on customers, and recommended security measures.
UpGuard Team
UpGuard Team
May 7, 2026
Tilburg University data breach: what happened and what's at risk

Tilburg University data breach: what happened and what's at risk

A data breach involving Tilburg University was reported in May 2026. See incident details, impact on customers, and recommended security measures.
UpGuard Team
UpGuard Team
May 6, 2026
Houston ISD data breach: what happened and what's at risk

Houston ISD data breach: what happened and what's at risk

A data breach involving Houston ISD was reported in May 2026. See incident details, impact on customers, and recommended security measures.
UpGuard Team
UpGuard Team
May 7, 2026
University of Oklahoma data breach: ShinyHunters claims attack on Canvas platform

University of Oklahoma data breach: ShinyHunters claims attack on Canvas platform

A data breach involving University of Oklahoma was reported in May 2026. See incident details, impact on customers, and recommended security measures.
UpGuard Team
UpGuard Team
May 7, 2026
View all news
UpGuard customer support teamUpGuard customer support teamUpGuard customer support team

Protect your organization

Get in touch or book a free demo.
Contact sales
Free demo
Free instant security score

How secure is your organization?

Request a free cybersecurity report to discover key risks on your website, email, network, and brand.
  • Check icon
    Instant insights you can act on immediately
  • Check icon
    Hundreds of risk factors including email security, SSL, DNS health, open ports and common vulnerabilities
Free score
Website Security scan resultsWebsite Security scan rating