On February 11, 2025, KeyBank filed a notice of data breach with the Attorney General of Massachusetts after discovering that an incident at Wong Fleming, P.C., a third-party vendor used by KeyBank, compromised information that had been provided to KeyBank. In this notice, KeyBank explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, addresses, birthdates, Social Security numbers, phone numbers, email addresses, driver’s license numbers, and account numbers. Upon completing its investigation, KeyBank began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.
If you received a data breach notification from KeyBank or Wong Fleming, P.C., it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the KeyBank data breach. For more information, please see our recent piece on the topic here.
What Caused the Data Breach Affecting KeyBank Customers?
The KeyBank / Wong Fleming data breach was only recently announced, and more information is expected in the near future. However, KeyBank’s filing with the Attorney General of Massachusetts provides some important information on what led up to the breach. According to this source, on January 16, 2025, Wong Fleming, a law firm that provides “asset recovery” services for KeyBank, informed KeyBank that an unauthorized party gained remote access to its network. After conducting an investigation, Wong Fleming learned that the unauthorized party had access to files containing KeyBank customer information. However, the incident did not affect KeyBank’s systems.
After learning that sensitive consumer data was accessible to an unauthorized party, KeyBank reviewed the compromised files to determine what information was leaked and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, address, birth date, Social Security number, phone number, email address, driver’s license number, and account number.
On February 11, 2025, KeyBank sent out data breach letters to anyone who was affected by the recent data security incident. These letters should provide victims with a list of what information belonging to them was compromised.
More Information About KeyBank and Wong Fleming, P.C.
KeyBank is a regional financial services institution offering a wide range of banking, lending, and investment solutions to individuals, businesses, and corporations. Headquartered in Cleveland, Ohio, the bank operates as a subsidiary of KeyCorp and serves clients across the United States through its network of branches and digital banking services. The organization employs approximately 17,000 people and generates an estimated $6 billion in annual revenue.
Wong Fleming, P.C. is a full-service law firm specializing in litigation, corporate law, and legal compliance services for businesses, financial institutions, and government entities. Headquartered in Princeton, New Jersey, the firm provides counsel in areas such as commercial litigation, employment law, intellectual property, real estate, and creditors' rights. Wong Fleming, P.C. serves clients across the United States and internationally. The organization employs approximately 100 people and generates an estimated $24 million in annual revenue.
