STOCK TITAN

Customer data exposure at CB Financial Services (CBFV) prompts material cybersecurity filing

Filing Impact: Moderate
Filing Sentiment: Neutral
Form Type: 8-K

Rhea-AI Filing Summary

CB Financial Services, Inc. reported a material cybersecurity incident at its subsidiary Community Bank involving improper handling of non‑public customer data through an unauthorized artificial intelligence-based software application. The issue was discovered on May 5, 2026 and deemed material on May 7, 2026.

The incident did not disrupt banking operations, customer access, payment systems, or core technology infrastructure. However, exposed data includes customer names, social security numbers and dates of birth. The company is investigating the scope and root cause with external cybersecurity advisors and notifying affected customers in line with federal and state requirements.

CB Financial Services is working with banking and financial regulators and has taken containment and remediation steps, including strengthening controls and monitoring. As of this disclosure, the company states the incident has not had, and is not expected to have, a material impact on its consolidated financial condition or results of operations.

Positive

  • None.

Negative

  • Material cybersecurity incident with sensitive data exposure – Customer names, social security numbers and dates of birth were disclosed via an unauthorized AI-based application, creating potential regulatory, legal and reputational risks despite no current material financial impact being reported.

Insights

Material data exposure with sensitive IDs, but no stated financial hit yet.

CB Financial Services reports a material cybersecurity incident where non‑public customer data, including names, social security numbers and dates of birth, were handled via an unauthorized AI-based tool. Operations, account access, payment systems, and core infrastructure reportedly remained unaffected.

The company is investigating with external cybersecurity advisors, notifying customers under federal and state rules, and coordinating with banking regulators. It is also tightening controls and monitoring. As of this disclosure, management states no current or expected material impact on consolidated financial condition or results, though reputational and compliance outcomes will depend on the investigation and regulator feedback.

Item 1.05 Material Cybersecurity Incidents (Business)
A cybersecurity incident that the company has determined to be material to investors.

  • Incident discovery date: May 5, 2026 (date Community Bank became aware of the cybersecurity incident)
  • Materiality determination date: May 7, 2026 (date CB Financial Services determined the event to be material)
  • Stated financial impact: No material impact expected (management’s statement on consolidated financial condition and results)

  • Material Cybersecurity Incidents (regulatory): "Item 1.05. Material Cybersecurity Incidents On May 5, 2026, Community Bank..."
  • non‑public customer information (financial): "an internal incident involving the handling of certain non‑public customer information..."
  • artificial intelligence-based software application (technical): "using an unauthorized artificial intelligence-based software application."
  • regulatory guidance (regulatory): "conducting notifications as required by applicable federal and state laws and regulatory guidance."
  • consolidated financial condition (financial): "not expected to have, a material impact on the Company’s consolidated financial condition or results of operations."

UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
Washington, D.C. 20549
FORM 8-K
CURRENT REPORT
Pursuant to Section 13 or 15(d) of the Securities Exchange Act of 1934
Date of Report (Date of earliest event reported): May 7, 2026
CB FINANCIAL SERVICES, INC.
(Exact name of registrant as specified in its charter)
Commission file number: 001-36706
Pennsylvania
(State or other jurisdiction of incorporation or organization)
51-0534721
(I.R.S. Employer Identification No.)

100 N. Market Street, Carmichaels, PA 15320
(Address of principal executive offices) (Zip code)

(724) 966-5041
(Registrant’s telephone number, including area code)

Not Applicable
(Former name or former address, if changed since last report)

Check the appropriate box below if the Form 8-K filing is intended to simultaneously satisfy the filing obligation of the registrant under any of the following provisions:
    Written communications pursuant to Rule 425 under the Securities Act (17 CFR 230.425)
    Soliciting material pursuant to Rule 14a-12 under the Exchange Act (17 CFR 240.14a-12)
    Pre-commencement communications pursuant to Rule 14d-2(b) under the Exchange Act (17 CFR 240.14d-2(b))
    Pre-commencement communications pursuant to Rule 13e-4(c) under the Exchange Act (17 CFR 240.13e-4(c))

Securities registered pursuant to Section 12(b) of the Act:
Common stock, par value $0.4167 per share
(Title of each class)
CBFV
(Trading symbol)
The Nasdaq Stock Market, LLC
(Name of each exchange on which registered)

Indicate by check mark whether the registrant is an emerging growth company as defined in Rule 405 of the Securities Act of 1933 or Rule 12b-2 of the Securities Exchange Act of 1934.  

If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standard provided pursuant to Section 13(a) of the Exchange Act.  ☐



Item 1.05.    Material Cybersecurity Incidents
On May 5, 2026, Community Bank (the “Bank”), the wholly-owned subsidiary of CB Financial Services, Inc. (the “Company”), became aware of an internal incident involving the handling of certain non‑public customer information using an unauthorized artificial intelligence-based software application. Upon discovery, the Bank promptly took steps to secure the information at issue and initiated an internal investigation with the assistance of external cybersecurity advisors. The investigation into the incident, including the scope and root cause, remains ongoing.

The incident did not involve a disruption to the Bank's operations, customer access to accounts or services, payment systems, or core information technology infrastructure; however, due to the volume and sensitive nature of the non-public information at issue, on May 7, 2026, the Company determined the event to be material. Among the customer information the Bank has determined was disclosed are customer names, social security numbers and dates of birth.

The Company is evaluating the customer data that was affected and is conducting notifications as required by applicable federal and state laws and regulatory guidance. The Company has been, and continues to be, in communication with relevant banking and financial regulators regarding the incident.

The Company has taken, and continues to take, actions designed to contain and remediate the incident. The Company remains committed to protecting its customers' data and is taking measures designed to prevent future similar incidents, including but not limited to, strengthening existing controls, implementing additional controls and enhancing monitoring measures.

As of the date of this disclosure, this incident has not had, and is not expected to have, a material impact on the Company’s consolidated financial condition or results of operations.




SIGNATURES

Pursuant to the requirements of the Securities Exchange Act of 1934, the Registrant has duly caused this report to be signed on its behalf by the undersigned hereunto duly authorized.

 
CB FINANCIAL SERVICES, INC.

Date: May 11, 2026
By: /s/ John H. Montgomery
John H. Montgomery
President and Chief Executive Officer


FAQ

What cybersecurity incident did CB Financial Services (CBFV) disclose?

CB Financial Services reported a material cybersecurity incident at Community Bank involving non‑public customer data handled through an unauthorized AI-based software tool. Exposed data includes customer names, social security numbers and dates of birth, prompting an investigation and regulatory communications.

Did the CB Financial Services (CBFV) cybersecurity incident disrupt banking operations?

No, the company states the incident did not disrupt operations, customer access to accounts or services, payment systems, or core information technology infrastructure. The issue centers on data exposure rather than system outages or transaction processing failures.

What customer data was exposed in the CB Financial Services (CBFV) incident?

The bank determined that exposed customer information includes names, social security numbers and dates of birth. This type of personally identifiable information is highly sensitive and can trigger notification duties under federal and state laws and regulatory guidance.

How is CB Financial Services (CBFV) responding to the cybersecurity incident?

The company secured the affected information, launched an internal investigation with external cybersecurity advisors, and is notifying customers as required. It is working with banking regulators and strengthening internal controls and monitoring to contain the incident and reduce future risk.

Will the CB Financial Services (CBFV) incident affect financial results?

As of this disclosure, CB Financial Services states the incident has not had, and is not expected to have, a material impact on its consolidated financial condition or results of operations. Future impact would depend on investigation outcomes, remediation costs and any regulatory actions.

When did CB Financial Services (CBFV) discover and deem the incident material?

Community Bank became aware of the incident on May 5, 2026, and CB Financial Services determined the event to be material on May 7, 2026. The investigation into the incident’s scope and root cause remains ongoing with external cybersecurity advisors.
