If your company bank account has been hacked, your first priority is to immediately contact your bank and freeze all transactions. Call the fraud department directly using the number on your bank statement or website—not any number provided in suspicious communications—and report unauthorized activity within the hour. Most banks have 24-hour fraud hotlines specifically designed for business accounts, and early notification can prevent further unauthorized transfers and may limit your liability.
In 2023, the FBI reported that business email compromise attacks alone cost companies over $2.7 billion, with many attacks culminating in fraudulent wire transfers from compromised bank accounts. The steps you take in the first few hours after discovering a hack will determine whether you can recover funds, prevent additional theft, and protect your business from further exploitation. This guide covers the immediate actions to take, how to investigate what happened, what recovery options are available, and how to prevent future breaches.
Table of Contents
- How to Immediately Respond to a Hacked Business Bank Account
- Understanding the Investigation Process and Your Liability Limits
- Identifying How Your Account Was Compromised
- Steps to Recover Compromised Funds
- Cyber Insurance and Financial Recovery Limits
- Notifying Employees, Vendors, and Stakeholders
- Preventing Future Bank Account Compromise
- Conclusion
- Frequently Asked Questions
How to Immediately Respond to a Hacked Business Bank Account
After contacting your bank, change all passwords for accounts connected to your banking system—your email, accounting software, payment processors, and any third-party financial services. Attackers who gain access to one system often pivot to others, so you need to lock down the entire ecosystem quickly. If employees can access the account remotely, disable all active sessions and require new logins with temporary passwords. Document everything you do: the time you called the bank, the name of the representative, what they said, any confirmation numbers, and screenshots of suspicious transactions. This documentation will be crucial for your bank’s fraud investigation and for any subsequent insurance claims.
Your bank will likely freeze the account temporarily while they investigate. During this period, you’ll need alternative ways to pay bills and meet payroll. Set up temporary arrangements with your accountant or finance team—some companies establish a secondary account at a different bank as a safeguard. The temporary freeze is actually protective, even though it creates short-term inconvenience. Banks that move quickly can often halt pending fraudulent transfers before they clear, potentially saving thousands or even millions depending on the attack’s scope.

Understanding the Investigation Process and Your Liability Limits
Banks have specific procedures for fraud investigations on business accounts, though your liability protections differ significantly from consumer accounts. Consumer checking accounts are protected under Regulation E, which limits liability to $50 if fraud is reported within 60 days. Business accounts have weaker protections—often you’re liable for the full amount unless you can prove negligence by the bank. This critical difference means business owners should prioritize speed and documentation even more than consumers. The Uniform Commercial Code, which governs commercial checking accounts in most states, is less favorable to businesses, placing heavier burden on you to demonstrate the bank’s failure to exercise reasonable care.
The investigation itself typically takes 10 to 45 business days, though complex cases can extend longer. During this period, the bank examines logs, compares signatures on checks, analyzes IP addresses and device information, and interviews relevant employees. A significant limitation is that banks can only recover funds if the receiving bank cooperates and the money hasn’t been transferred further or spent. If a fraudster transferred your money to a cryptocurrency exchange or a bank in another country, recovery becomes vastly more complicated or impossible. Many victims discover that their stolen funds have been moved multiple times through a chain of accounts before the trail goes cold.
Identifying How Your Account Was Compromised
Common vectors for business bank account compromise include employee credential theft (where an attacker obtains login credentials for someone with access), business email compromise via phishing, malware on company computers, compromised third-party service providers, and inside fraud. To identify which occurred, work with your bank’s fraud team to review access logs, login locations, and IP addresses associated with unauthorized transactions. If transactions were authorized using your company’s standard security procedures—legitimate usernames, known IP addresses, correct multifactor authentication—the compromise likely involved either stolen employee credentials or a breach of your third-party payment processor. Examine your email security logs during the breach window.
Phishing attacks that lead to business bank account compromise often involve emails that appear to come from your bank, payment processor, or executive team asking to verify login credentials or confirm unusual activity. Employee training records matter here: if an employee fell for a phishing email, it’s a teachable moment but also indicates a vulnerability in your security awareness. Compare the dates of suspicious logins or transactions against any recent password changes, software updates, or new third-party integrations your company implemented. Sometimes the compromise occurred weeks or months before anyone noticed, so the actual breach event may predate the discovery by a significant margin.

Steps to Recover Compromised Funds
Recovery success depends heavily on speed and jurisdiction. If the fraudster transferred money through the Automated Clearing House (ACH) system within your bank or to another U.S. bank, there’s a better chance of recovery if you file a claim within one to two business days. ACH transfers can be challenged as unauthorized, and receiving banks are often required to assist in returning funds if they can prove the receiving account still holds the money. Wire transfers are harder to recover because the receiving institution has less obligation to assist, and funds leave the U.S. banking system more easily.
If your company lost $50,000 to a wire transfer sent overseas, the FBI’s Internet Crime Complaint Center can log the complaint, but actual recovery is unlikely without cooperation from law enforcement in the receiving country. International recovery is extremely difficult. If hackers transferred your money to accounts in countries with weak financial regulations or limited cooperation with U.S. law enforcement, you’ve essentially lost those funds. Some security firms specialize in fund recovery and charge significant fees (often 15-30% of recovered amounts) with no guarantee of success. Your best recourse is comprehensive cyber insurance, which typically covers theft of funds due to hacking, business email compromise, and social engineering—but insurance payouts also have limitations, waiting periods, and require documented losses.
Cyber Insurance and Financial Recovery Limits
Most standard business insurance policies don’t cover cyber theft or hacking losses—you need a separate cyber liability or crime insurance policy. These policies typically cover losses from business email compromise, ransomware attacks, and unauthorized access to financial accounts, but they include deductibles (often $10,000 or higher), sub-limits on certain types of losses, waiting periods before coverage kicks in, and strict documentation requirements. If your company doesn’t have cyber insurance and loses $100,000 to hackers, you’ll likely absorb that loss entirely unless you can prove the bank failed in its duty to protect your account. A major limitation is that cyber insurance doesn’t cover all fraud.
If one of your employees intentionally transferred company funds to their personal account and the bank system worked as designed, cyber insurance won’t pay—that’s embezzlement, a different problem entirely. Additionally, policies often require you to carry certain security measures as a condition of coverage: multifactor authentication, regular password changes, security awareness training, and documented incident response procedures. If you can’t prove you implemented these controls, insurers may deny claims. Some policies also have exclusions for losses that stem from not following the insurer’s recommended security practices.

Notifying Employees, Vendors, and Stakeholders
Once you’ve reported the fraud to your bank and documented the situation, you need to notify employees and potentially customers or vendors, depending on what data was exposed in the breach. If the hacker accessed customer payment information, you may have legal obligations to notify customers under state data breach notification laws. If employee information was compromised, similar notification duties apply. The notification doesn’t need to disclose the full details of your security failures, but you should explain what happened, what you’ve done to fix it, and what steps affected parties should take to protect themselves (like monitoring credit reports).
Internal notification is important for morale and information control. Employees will find out—whether through rumors, noticing disruptions to normal processes, or press coverage—and you’re better off explaining it directly than having them speculate. Explain that the breach wasn’t due to negligence on their part (unless it was, in which case address that separately), what precautions you’re implementing, and how business operations will continue. For vendors and partners, transparency about the breach builds trust, even though it’s uncomfortable. Vendors who trust you to be transparent about problems are more likely to continue relationships and work with you on solutions.
Preventing Future Bank Account Compromise
After recovering from the immediate crisis, implement stronger controls: segregate banking access (fewer employees have authorization), require dual approval for transactions above certain amounts, use multifactor authentication on all banking accounts, implement address verification for wire transfers, and establish a separate account for critical expenses that remains offline except during actual transactions. Some companies use a “zero-trust” banking model where every transaction is reviewed by multiple people, no matter the amount. This adds administrative overhead but makes large-scale fraud vastly harder.
Looking forward, expect that banking security will evolve toward more sophisticated biometric verification and real-time fraud detection. Some banks now use AI to flag unusual transaction patterns in real-time, blocking suspicious activity before it completes. However, these tools are only as good as the data they’re trained on, and determined attackers will continue to find new vectors. Your long-term security strategy should include ongoing employee training, regular security audits, involvement of IT professionals in banking system design, and maintaining cyber insurance as a safety net for the threats you can’t prevent entirely.
Conclusion
If your company bank account is hacked, act immediately: call your bank’s fraud department on their official number, change all connected passwords, document everything, and cooperate fully with the fraud investigation. Your liability for unauthorized transactions depends on whether you can prove the bank failed to exercise reasonable care, making speed and documentation critical for potential recovery. Accept that some funds may be unrecoverable, especially if transferred internationally, and ensure your company carries cyber insurance to cover gaps in liability.
Prevention is more effective than recovery. Implement multifactor authentication, require dual approval for transactions, educate employees about phishing, monitor access logs regularly, and design your banking systems assuming that one employee credential may be compromised. The combination of robust controls, employee awareness, and comprehensive insurance gives your business the best protection against this increasingly common crime.
Frequently Asked Questions
How long does a bank fraud investigation take?
Most bank fraud investigations take 10 to 45 business days. Complex cases involving multiple transfers or international accounts can take longer. Your bank should provide a timeline when you report the fraud.
Can I recover money transferred to a cryptocurrency exchange?
Recovery from crypto exchanges is extremely difficult. Once funds are converted to cryptocurrency and transferred to external wallets, tracing them requires cooperation from the exchange and law enforcement, which is rarely successful. This is one reason international recovery is so challenging.
What if an employee intentionally stole from the company bank account?
That’s embezzlement, not hacking, and requires different handling. Cyber insurance typically doesn’t cover intentional theft by employees. You would need to pursue the employee legally and possibly file a police report.
Should I notify customers if their payment information was exposed?
Yes, if customer payment data was accessed. Most states have data breach notification laws requiring you to notify affected individuals. Check your state’s specific requirements and consult legal counsel.
Does the bank’s multifactor authentication protect against business email compromise?
MFA helps, but it doesn’t prevent all attacks. If an attacker compromises an employee’s email and credentials, they may bypass MFA if they control the employee’s phone or email recovery options. MFA is necessary but not sufficient on its own.
What should I do about the employee whose credentials were stolen?
If theft wasn’t intentional, treat it as a learning opportunity. Reset their password, require them to change passwords for personal accounts (if they reused passwords), offer security awareness training, and monitor for further compromise of their accounts.
