Data Breach Notifications

Entity Information

  • Type of Organization: Financial Services
  • Entity Name: Old Point National Bank
  • Street Address: P.O. Box 3392
  • City: Hampton
  • State, or Country if outside the US: VA
  • Zip Code: 23663

Submitted By

  • Name: Eugene M. Jordan, II
  • Title: General Counsel
  • Firm name (if different than entity):
  • Telephone Number: 757-599-2205
  • Email Address: gjordan@oldpoint.com
  • Relationship to entity whose information was compromised: General Counsel

Breach Information

  • Total number of persons affected (including residents): 16496
  • Total number of Maine residents affected: 7
  • If the number of Maine residents exceeds 1,000, have the consumer reporting agencies been notified: Yes
  • Date(s) Breach Occured: ~09/02/2022
  • Date Breach Discovered: 09/03/2022
  • Description of the Breach:
    • External system breach (hacking)
  • Information Acquired - Name or other personal identifier in combination with: Social Security Number

Notification and Protection Services

  • Type of Notification: Written
  • Date(s) of consumer notification: 11/08/2022
  • Copy of notice to affected Maine residents: ELN-16208 Old Point National Ad r3prf.pdf
  • Date of any previous (within 12 months) breach notifications:
  • Were identity theft protection services offered: Yes
  • If yes, please provide the duration, the provider of the service and a brief description of the service: It appears that an unauthorized user accessed one of Old Point’s business email accounts, on or about September 2, 2022. While the unauthorized user appears to have been located in Nigeria, there is no indication that any foreign government was involved. Through a review of that email account, we determined that the unauthorized user might have been able to access personal information of some Old Point loan applicants. Old Point is just one of more than 1,000 businesses to suffer a cyber intrusion in the past year. Based on Old Point’s investigation, there is no direct evidence that customer information was accessed and taken by the unauthorized user. Out of an abundance of caution, Old Point, a financial institution, is still notifying potentially-impacted persons in compliance with the Gramm Leach Bliley Act and associated regulations. As described in detail in the attached notification letters to potentially affected customers, if information was acquired it could have included the names, Social Security numbers, driver’s license numbers, loan balances, and Old Point account numbers of affected individuals. We discovered the incident on or about September 3, and promptly took steps to secure our systems and begin investigating the nature and scope of the incident. We have engaged leading outside security experts to assist with our investigation and are implementing various cybersecurity enhancements. We are working closely with and supporting criminal investigations by the Virginia State Police HITECH Crimes Unit, the Virginia Fusion Center, the FBI, and CISA. Old Point has arranged to provide potentially-affected individuals with one year of identity/credit monitoring and identity restoration services through Kroll at no cost to them.