Frost Bank Faces Class-Action Lawsuit After Data Breach Exposes 100,000 Customers

Frost Bank is facing class-action lawsuits after a data breach exposed personal information of more than 100,000 customers, according to reports from April 2026.

The breach reportedly involved a third-party vendor, a pattern that has become increasingly common in financial sector cyberattacks. Attackers often target vendors with access to multiple institutions' systems, allowing them to reach a large number of victims through a single compromise.

Vercel, a web infrastructure company, also confirmed signs of compromise in a small number of customer accounts in April, separate from an earlier incident. Attackers targeted credentials and customer accounts.

Dutch cosmetic company Rituals confirmed a breach and theft of data from its "My Rituals" membership database. Health data from UK Biobank was reportedly spotted for sale in China, with the government confirming medical information from 500,000 participants was involved.

CISA gave U.S. government agencies a two-week deadline to patch a Microsoft Defender BlueHammer zero-day exploit. A hidden SIM flaw was also reported to allow location tracking even when using a VPN.

Cybersecurity agencies are warning about China-linked actors using covert networks for espionage and offensive operations, increasing pressure on critical infrastructure operators.

Japan created a financial-sector task force to examine AI-related cybersecurity risks, particularly concerns about advanced AI models finding software vulnerabilities faster than institutions can patch them.

Security experts are urging organizations to review third-party vendor access, implement zero-trust architectures, and conduct regular penetration testing to identify weaknesses before attackers do.