Wells Fargo recently disclosed that an unauthorized individual accessed certain customers’ personal information through Wells Fargo Online® between December 2 and December 8, 2025. The incident may have exposed sensitive banking details, including account numbers.
Wells Fargo’s Data Breach Investigation
Wells Fargo notified customers of a cybersecurity incident involving unauthorized access to personal information through its online banking platform, Wells Fargo Online®. According to the bank, between December 2, 2025 and December 8, 2025, an unauthorized individual gained access to certain customer accounts.
Wells Fargo indicated that the unauthorized access may have occurred because the customer’s username and password were obtained from sources outside of Wells Fargo’s systems. The bank explained that this can happen when individuals reuse usernames and passwords across multiple websites or respond to phishing emails or other fraudulent communications.
While the bank did not indicate that its internal systems were breached in a traditional hacking attack, unauthorized access to online banking accounts can still have serious consequences. Once access credentials are compromised, unauthorized individuals may view account information and potentially attempt fraudulent transactions.
The personal information involved may have included customers’ names, address information, and bank account numbers—though without access codes. Even without access codes, exposure of bank account numbers and personal identifying information can increase the risk of phishing scams, fraudulent withdrawals, and identity theft.
Wells Fargo reported that it promptly responded to the incident and has been working to notify affected customers. The bank stated that it is taking steps to monitor impacted accounts for suspicious events or changes and continues to review and enhance its security measures to reduce the likelihood of similar incidents occurring in the future.
As part of its response, Wells Fargo is offering affected individuals a complimentary two-year subscription to Experian IdentityWorksSM. This service provides identity theft detection services, including daily monitoring of credit reports from the three national credit reporting agencies—Experian, Equifax®, and TransUnion—along with internet surveillance and full-service identity restoration in the event of identity theft.
While identity monitoring services can help detect misuse of personal information, they do not prevent unauthorized access or identity theft from occurring. The exposure of online banking credentials or account information—even if obtained externally—raises concerns about account security and long-term financial risk.
Financial institutions have a responsibility to implement reasonable security measures to safeguard customer information. When unauthorized access occurs, affected customers may experience stress, lost time, and potential financial harm. At Class Action U, we believe consumers deserve transparency and accountability when their sensitive financial information is exposed.
If you received a notification from Wells Fargo, understanding the scope of the incident and learning about your rights is an important step in protecting yourself.
When Did This Breach Occur?
According to Wells Fargo:
-
Date(s) the Breach Occurred: December 2, 2025 – December 8, 2025
-
Date the Breach Was Discovered: Not specified in the notice
Wells Fargo detected the unauthorized access during the December 2–8, 2025 timeframe and subsequently began notifying affected customers.
What Information Was Breached?
The personal information that may have been involved includes:
Although access codes were reportedly not involved, exposure of account numbers can still increase the risk of fraud.
What You Can Do
If you received a notification from Wells Fargo, consider taking the following steps to protect yourself:
-
Activate the complimentary two-year Experian IdentityWorksSM subscription within 60 days of the date on your notification letter.
-
Monitor your Wells Fargo account and transaction history for unauthorized activity.
-
Update your online banking password and ensure you use a unique, strong password not used on other websites.
-
Enable multi-factor authentication (MFA) on all financial accounts.
-
Review your credit reports for unfamiliar accounts or inquiries.
If you detect unauthorized transactions, report them to Wells Fargo immediately. Even if no fraud has occurred, remaining vigilant can help prevent future harm.
You may also wish to explore your legal rights. Many individuals are unaware that they may be eligible to participate in a class action lawsuit following unauthorized access to their financial accounts. Understanding your options can help you determine whether you may be entitled to compensation.
File a Data Breach Lawsuit Against Wells Fargo
If you received notice that your personal information was accessed through Wells Fargo Online®, you may have the right to pursue legal action.
Data breach lawsuits seek to hold financial institutions accountable when customers’ sensitive information is exposed or accessed without authorization. Compensation may include reimbursement for financial losses, time spent addressing fraud concerns, credit monitoring costs, and other related damages.
You do not have to navigate this situation alone. Learning about your legal rights can empower you to take action and potentially recover compensation.
Contact us at Class Action U, where we’ll connect you with a lawyer skilled in class action lawsuits. If you’ve been contacted about this breach, received notice, or discovered you were impacted, fill out our quick, easy, and secure form to sign up. There is no cost to reach out to our legal partner and no obligation after speaking with someone from our team.
