MainStreet Bancshares (Nasdaq: MNSB & MNSBP), the financial holding company behind MainStreet Bank, has disclosed a data breach impacting some of its customers.
The incident, the company said in a filing with the US Securities and Exchange Commission, occurred in March 2025 and impacted a third-party vendor.
The Fairfax, Virginia-based bank says it immediately activated its incident response plan, launched an investigation into the matter, and terminated the vendor.
On April 28, the company determined that the personally identifiable information of approximately 4.65% of its customer base was compromised in the data breach.
“The company determined that its own information technology systems and networks had not been compromised or affected, no unauthorized transactions had been executed, no monies had been transferred to the unknown persons, and customers had been able to continue to execute transactions with the company,” MainStreet Bank told the SEC.
In a notification letter to the impacted individuals, a copy of which (PDF) was submitted to the Massachusetts Office of Consumer Affairs and Business Regulation (OCABR), the company revealed that the incident involved a merchant’s payment card environment.
The incident spanned between April 17, 2023, and April 22, 2025, and resulted in card data such as card names, numbers, and expiration dates being compromised, the notification letter reads.
The company also says that it has no evidence that personal information such as Social Security numbers or MainStreet Bank account numbers might have been compromised.
MainStreet Bank, which operates six branches in Virginia and Washington DC, as well as around 55,000 ATMs, is advising the potentially impacted individuals to visit a branch to receive a new card, or request one to be mailed to them, as well as to review their account statements for any suspicious activity.
SecurityWeek emailed MainStreet Bank for additional details on the impacted customers, the compromised vendor, and who was responsible for the data breach and will update this article if the company responds.
Related: Adidas Data Breach Linked to Third-Party Vendor
Related: 364,000 Impacted by Data Breach at LexisNexis Risk Solutions
Related: Cartier Data Breach: Luxury Retailer Warns Customers That Personal Data Was Exposed
Related: TikTok Fined $600 Million for China Data Transfers That Broke EU Privacy Rules
