Orrstown Bank Data Breach Investigation
Orrstown Bank has been listed in a Maine Attorney General filing relating to a reported hacking/IT incident. The filing indicates that highly sensitive personal and financial information may have been involved, but detailed information from the official notice is not publicly accessible from the materials currently available. If you received a notice or believe your information may be affected, you should review your accounts and credit promptly. You can also fill out the form on this page to see whether Strauss Borrelli PLLC can evaluate a potential claim.
Orrstown Bank is a Pennsylvania bank. Based on the information provided, the incident was publicly listed through a Maine Attorney General filing, which suggests that residents outside Pennsylvania may also have been affected. Public detail remains limited to the regulatory record currently available.
Key Facts at a Glance
- Company: Orrstown Bank
- Industry: Banking
- Location listed: Pennsylvania
- Incident type: Reported hacking/IT incident
- Reported incident date: September 17, 2025
- Public listing date: June 11, 2026
- Individuals listed as potentially affected: 83,938
- Information reported as potentially involved: name, address, Social Security number, date of birth, driver’s license number, passport number, tax identification number, and financial account number
- Regulatory source: Maine Attorney General filing
What Happened?
According to the available regulatory filing, Orrstown Bank reported a hacking/IT incident. Detailed information from the official notice is not publicly accessible at this time, so the fuller narrative of what happened, how the activity was discovered, and when individual notices were sent cannot be confirmed from the source materials provided here. The structured case notes associated with this listing also reference Mercadien, P.C. CPAs as a third party involved and indicate the affected information was associated with a network environment. Because public details are still limited, affected people should rely on any direct notice they received and watch for additional updates from official sources.
What Information Was Exposed?
The Maine filing indicates that sensitive personal and financial information may have been involved. Reported data elements include names, addresses, Social Security numbers, dates of birth, driver’s license numbers, passport numbers, tax identification numbers, and financial account numbers.
When this combination of data is involved, the main risks can include identity theft, tax fraud, new-account fraud, account takeover attempts, and targeted phishing messages that use personal details to appear legitimate. Even if no misuse has been confirmed publicly, this type of information is important enough to justify close monitoring and quick protective steps.
What Should You Do Next?
- Review any notice you received. Check what the letter or email says about the information that may have been involved and whether any services were offered.
- Monitor your accounts and credit. Watch bank, credit card, and loan activity for charges, withdrawals, or account changes you do not recognize.
- Consider a fraud alert or credit freeze. If Social Security numbers, dates of birth, tax ID numbers, or government ID numbers may have been involved, a fraud alert or security freeze can help reduce the risk of new-account fraud.
- Change passwords and stay alert for scams. Be cautious with emails, texts, or calls that ask you to click links, share codes, or confirm personal information.
- Document problems and expenses. Save letters, screenshots, account statements, and any records of time or money spent dealing with the incident.
- Ask questions if you need legal guidance. If you believe your information may have been part of the reported Orrstown Bank incident, you can fill out the form on this page to see whether Strauss Borrelli PLLC can review your situation.
Your Legal Rights
People affected by a reported data incident may have legal rights if an organization failed to use reasonable safeguards for sensitive information or failed to provide notice required by applicable law. Whether a claim exists here depends on facts that are still developing, including what systems were involved, what protections were in place, and what information was actually accessible.
Depending on the facts and the law that applies, potential remedies in data incident cases can include compensation for unreimbursed losses, time spent addressing fraud risks, mitigation costs, and other related harm. This article is general information, not individualized legal advice, but preserving your notice letter and records can help if you later decide to explore your options.
Why Hire Strauss Borrelli PLLC?
Strauss Borrelli PLLC represents people affected by data breaches and privacy incidents and understands how to investigate cybersecurity disclosures, notice practices, and the real-world fallout for consumers. Our team can review the available filing, compare it with any notice you received, and explain in plain English whether the reported incident may support a claim.
If you have questions about the reported Orrstown Bank incident, Strauss Borrelli PLLC can help you understand the next steps without pressure or complicated legal jargon.
If you received a breach notification letter from Orrstown Bank:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.
