On February 11, 2025, the Maine Office of the Attorney General reported a data breach involving KeyBank N.A., which occurred on December 13, 2024, due to an external system breach (hacking). The breach affected 1,227 individuals in total, with 13 residents experiencing compromised personal information, including names, Social Security numbers, and account details. Identity theft protection services were offered to affected individuals.

On May 12, 2023, KeyBank experienced a data breach caused by insider wrongdoing, as reported by the Maine Attorney General's Office on June 7, 2023. The incident compromised sensitive information, including financial account numbers and personal details of 181 individuals, among whom 3 were residents of Maine. The exposed data poses a significant risk of identity theft and financial fraud. In response, KeyBank is providing affected individuals with two years of identity theft protection through Equifax Complete Premier to mitigate potential harm. The breach highlights vulnerabilities in internal controls, as the compromise stemmed from malicious or negligent actions by an employee or trusted insider. While the scale of the breach is relatively contained in terms of affected individuals, the nature of the exposed data—financial and personal—heightens the severity due to the potential for long-term fraudulent exploitation.

KeyBank suffered a breach incident because of a third-party vendor that serves multiple corporate clients. The hackers stole personal data including Social Security numbers, addresses, and account numbers of home mortgage holders. KeyBank notified all affected individuals about the breach.

The California Office of the Attorney General reported a data breach involving KeyBank on August 26, 2022. The breach occurred on July 5, 2022, when an unauthorized external party gained remote access to the Overby-Seawell Company (OSC) network, affecting KeyBank clients' mortgage information. The specific number of individuals affected is unknown.

The Washington State Office of the Attorney General reported a data breach involving KeyBank on August 26, 2022. The breach, which occurred between May 26, 2022, and July 12, 2022, affected 54,295 residents, with compromised information including names, mortgage details, and home insurance information. Social Security numbers were not impacted.

The breach reported by KeyBank on February 5, 2021, involved unauthorized access to customer accounts. The compromised information included names, addresses, account numbers, account balances, and transaction details. The number of affected individuals is unknown, but the breach has significant implications for customer trust and potential financial fraud.