Community Bank has reported a data breach caused by an employee's unauthorized use of an AI application, compromising sensitive customer information such as names, dates of birth, and Social Security numbers. The incident was disclosed in an SEC 8-K filing on May 7, 2026, and affects customers across Pennsylvania, Ohio, and West Virginia. The bank is currently notifying affected customers and complying with regulatory requirements. The breach highlights a significant gap in AI governance within the banking sector, as it was not the result of an external attack but rather internal misuse. This incident underscores the importance of strict AI risk management policies, as emphasized by banking regulators like the Office of the Comptroller of the Currency and the FDIC. Community Bank faces potential legal and regulatory consequences, including class-action lawsuits and financial penalties, as it assesses the full scope of the breach.