Sarai Hannah Ajai's Incident Report for the Suspected Unauthorized Interference With ***** ***** Online Account Credentials and Account Access

 Incident Report

Subject: Suspected Unauthorized Interference With ***** ***** Online Account Credentials and Account Access
Reporting Party: Sarai Hannah Ajai
Date of Incident: March 19, 2026
Approximate Time Range: 11:35 AM through approximately 4:10 PM local time
Primary Financial Institution Involved: ***** *****
Related Devices / Accounts: Apple iCloud account, Apple Mac Mini M1, ***** ***** online banking profile, linked checking/savings/debit accounts

I. Executive Summary

On March 19, 2026, I undertook routine security-related credential maintenance on my personal Apple ecosystem by changing my Apple iCloud password at approximately 11:35 AM and my Apple Mac Mini M1 login password at approximately 11:42 AM. These changes were initiated voluntarily by me and performed directly on my own devices.

Later that same day, at approximately 3:47 PM, I attempted to access my ***** ***** online account using credentials previously known to be valid. During that login process, I encountered an unexpected security-screening message stating that the system was running a security check and that I might need to click “Log In” again after completion. After the delay, I was returned to the login screen and received an “Incorrect Login” message.

After repeated failed login attempts, I initiated the account recovery process and discovered that the User ID associated with my ***** ***** Bank online banking account appeared to have changed from the User ID I had previously established to a nearly identical User ID containing an additional digit at the end. I then proceeded through the password reset flow and regained access to the account at approximately 3:59 PM.

After regaining access, I reviewed the account and did not immediately observe unauthorized financial transactions. However, I remain concerned that access by an unauthorized individual may have occurred for non-transactional purposes, including possible viewing, retrieval, or export of sensitive banking information such as my bank statements. I am also concerned by inconsistencies between the account behavior I experienced and the alerts and notifications reflected in the account records made available to me.

This report is intended to preserve the timeline, observations, supporting exhibits, and potentially relevant legal implications for investigative review.

II. Background and Prior Verified Credential Activity

On March 6, 2026, I lawfully updated my ***** ***** online banking credentials. According to an official ***** ***** Bank email, the bank notified me that my User ID had been changed.

A separate official ***** ***** Bank email notified me that my password was changed on 2026-03-07 at 12:56 AM EST instead of 11:56 PM, which is the correct time.

These two bank-generated messages corroborate that credential changes occurred during the March 6, 2026 time period and that ***** ***** Bank’s systems were configured to issue automated security notifications concerning User ID and password modifications.

For security reasons, the full password is not reproduced in this report. Any historical password information should be maintained separately in a secure evidence file and disclosed only when necessary to an authorized investigator, institution, or counsel.

I further state that after these March 6 credential updates, I was able to access the account successfully in the ordinary course, including a last confirmed successful login on or about March 14, 2026, without known login irregularities.

III. Incident Timeline

A. Apple Credential Changes Earlier the Same Day

On March 19, 2026, at approximately 11:35 AM, I changed the password to my Apple iCloud account as part of routine account-security maintenance.

At approximately 11:42 AM, I also changed the login password for my Apple Mac Mini M1 device. Both actions were initiated by me and performed intentionally on my own equipment.

At this time, I had no reason to expect that these Apple-related credential changes would affect or interfere with my separate ***** ***** credentials.

B. ***** ***** Bank Login Attempt and Security-Check Message

At approximately 3:47 PM on March 19, 2026, I attempted to log into my ***** ***** online account using the User ID and password I believed to be valid.

During that attempt, the banking website displayed the following message, or words substantially similar thereto:

“We’re running a security check that could take between 30 seconds and 2 minutes. Once completed, you may have to click ‘Log In’ again.”

This message is reflected in Exhibit A.

After the screening message, I was returned to the login page rather than being granted normal account access.

C. Repeated Login Failure

After being returned to the login page, I again attempted to access the account using the credentials then known to me. During these attempts, I received an error message indicating that the User ID or password was incorrect.

I made a total of approximately three login attempts, and each followed the same general sequence:

  1. The site displayed the security-check message.
  2. I was returned to the login screen.
  3. The site indicated that my login credentials were not correct.

This repeated pattern was unusual and inconsistent with my prior normal access experience.

D. User ID Recovery and Discovery of Altered User ID

Because the account would not accept the credentials I had previously established, I initiated the ***** ***** Bank User ID recovery process.

During that process, I discovered that the User ID associated with the account was no longer the User ID I had previously used. Instead, it appeared to include an additional digit appended to the end. This is reflected in Exhibit B.

Stated differently, the available account-recovery process suggested that the recognized User ID had changed from the version I had established on March 6, 2026 to a materially similar version with one extra trailing numeral.

That discrepancy is significant because it indicates that the online banking credential record may have been altered, overwritten, or otherwise changed after my prior successful use of the account.

E. Password Reset and Restoration of Access

After the failed login attempts and User ID recovery, I proceeded through the Forgot Login / Create Password sequence. The uploaded screenshots reflect that I reached the “Create Password” page and completed the reset process. This is reflected in Exhibit C.

At approximately 3:59 PM, I regained access to my ***** ***** online account.

F. Post-Access Review

After access was restored, I immediately reviewed the account.

At that time, I did not observe obvious unauthorized transactions, visible debit-card misuse, or immediately apparent balance changes. However, the absence of visible transactions does not eliminate the possibility that unauthorized access occurred for non-transactional purposes, including:

  • viewing account profile information,
  • retrieving account numbers or statement data,
  • examining linked account details,
  • preparing for later identity misuse,
  • or altering credential settings to test or preserve unauthorized access.

G. Alerts and Notification Concerns

The uploaded account screenshots indicate that the ***** ***** Bank alerts area reflected entries associated with account events on March 19, including entries such as “Password Changed,” “Password Reset Initiated,” and “Your User ID Has Been Retrieved.” Those screenshots are consistent with system-recognized credential-recovery activity on the date of the incident.

At the same time, I remain concerned that the account’s warnings, alerts, and system behavior did not fully correspond to what I experienced during the failed access attempts. In particular, I did not receive any warning explicitly identifying unauthorized access, repeated failed-login risk, or suspicious access from an unknown person or device.

Because of that mismatch, I am preserving this matter as a suspected unauthorized-access event rather than as a routine password-reset occurrence.


IV. Evidentiary Observations

Based on the materials provided, the evidence presently preserved includes the following:

  1. Exhibit A – Screenshot showing ***** ***** Bank’s security-check message during login.
  2. Exhibit B – Screenshot from the User ID recovery flow showing the User ID presented by the system after account recovery steps.
  3. Exhibit C – Screenshot reflecting the ***** ***** Bank “Create Password” page during the recovery/reset process.
  4. Exhibit D – Screenshot of the ***** ***** Bank alerts screen reflecting account-alert entries on March 19.
  5. Call log image – Mobile call history showing calls placed to or received from 911, a no-caller-ID return call identified by you as local police, and ***** *****’s customer-service number.
  6. Handwritten notebook page / preservation note – Photograph of contemporaneous written notes reflecting credential-related information and timestamps.
  7. Official ***** ***** Bank email: “Your User ID Has Been Changed” dated March 6, 2026.
  8. Official ***** ***** Bank email: “Password Changed” dated March 6, 2026, reflecting the password change timestamp as March 7, 2026 at 12:56 AM.

V. Legal Significance and Potentially Implicated Statutes

The following statutes are potentially implicated by the conduct described, depending on what a forensic review ultimately shows. This section is not a final legal conclusion that a crime occurred; it is a preservation-oriented analysis of statutes commonly relevant to suspected unauthorized credential interference, identity misuse, and financial-account compromise.

1. Computer Fraud and Abuse Act — 18 U.S.C. § 1030

Federal law prohibits certain forms of intentional access to a protected computer without authorization, or in excess of authorization, particularly where information is obtained or damage results. (U.S. Code)

If any person intentionally accessed your device, online-banking session, account-credential flow, or related systems without authorization, then 18 U.S.C. § 1030 may be relevant. This is the principal federal computer-intrusion statute. (U.S. Code)

2. Fraud and Related Activity Involving Identification Information — 18 U.S.C. § 1028

Federal law also criminalizes certain unauthorized uses of identification documents, authentication features, and identifying information. (U.S. Code)

If a third party altered, used, or leveraged your identifying account credentials, profile data, or other authentication-linked information in order to manipulate access to your financial accounts, 18 U.S.C. § 1028 may be implicated. (U.S. Code)

3. Aggravated Identity Theft — 18 U.S.C. § 1028A

Where a person knowingly uses another individual’s means of identification during and in relation to certain predicate felony offenses, federal aggravated identity theft provisions may apply. (U.S. Code)

If a later investigation were to show that your personal identifying information was used in connection with another federal felony offense, 18 U.S.C. § 1028A could become relevant. (U.S. Code)

4. Financial-Privacy and Safeguards Obligations — 15 U.S.C. § 6801

Federal law states that financial institutions must maintain safeguards to ensure the security and confidentiality of customer records and to protect against unauthorized access to or use of customer information that could result in substantial harm or inconvenience. (U.S. Code)

To the extent this matter involves unauthorized exposure of online-banking credentials, account records, or other nonpublic personal information, the safeguards principles reflected in 15 U.S.C. § 6801 are relevant to the preservation and investigation of the event. (U.S. Code)

5. Electronic Fund Transfer Act / Regulation E — 12 C.F.R. Part 1005

Regulation E governs consumer protections relating to electronic fund transfers, including liability and procedures for resolving errors involving unauthorized transfers. (eCFR)

At present, you have stated that you did not observe unauthorized transactions when you regained access. If unauthorized transfers are later discovered, 12 C.F.R. § 1005.11 and related Regulation E provisions become especially important for timely notice and error-resolution procedures. (eCFR)


VI. Analytical Assessment

Based on the presently available facts, the strongest and most defensible characterization is the following:

  • I had previously established and used ***** ***** Bank credentials successfully.
  • Official ***** ***** Bank emails confirm that my User ID and password had been changed during the March 6, 2026 period.
  • On March 19, 2026, the bank’s system unexpectedly forced a security-check loop during login.
  • The login process then rejected the credentials I believed valid.
  • The account-recovery process indicated that the User ID associated with the account had changed in a way I did not authorize.
  • I regained access only after completing the recovery/reset sequence.
  • No obvious unauthorized transfers were immediately visible, but the event is still consistent with a suspected credential-compromise or account-access anomaly.

From an evidentiary standpoint, that is a cleaner and stronger framing than asserting as a proven fact that a hacker definitely entered the account. The evidence currently supports a suspected unauthorized credential alteration and/or unauthorized interference with account access, with additional concern for possible exposure of nonpublic financial information.


VII. Formal Statement

I, Sarai Hannah Ajai, state that on March 19, 2026, after conducting lawful security updates to my Apple iCloud and Apple Mac Mini M1 credentials earlier in the day, I attempted at approximately 3:47 PM to access my ***** ***** online account using credentials previously established and previously functional. During that access attempt, I encountered an unexpected security-screening message, after which I was returned to the login screen and informed that my User ID or password was incorrect.

After repeated unsuccessful attempts, I initiated the User ID recovery process and observed that the User ID recognized by the system appeared different from the User ID I had previously established, specifically by the addition of an extra digit at the end. I then completed the password-reset process and regained access to the account at approximately 3:59 PM.

After regaining access, I did not immediately observe unauthorized transactions. However, I remain concerned that unauthorized access may have occurred for non-transactional purposes, including the possible viewing, retrieval, or use of my banking information or associated identifying data. I am preserving this incident for investigation, recordkeeping, and potential referral to appropriate institutions or authorities.


VIII. Recommended Preservation and Follow-Up

For a stronger record, keep the following together in one evidence set:

  • original screenshots in native format,
  • the original PDFs of the ***** ***** Bank emails,
  • the original call-log image,
  • my handwritten contemporaneous notes,
  • any ***** ***** Bank email headers if available,
  • any browser history entries showing timestamps for the login and recovery flow,
  • device logs from the Mac Mini if available,
  • Apple security/account activity records,
  • and my written list of every person or institution I contacted that day, including times and approximate call durations.

I will also preserve the exact spelling of both the prior User ID and the recovered User ID in a separate secure note, since that difference is central to the incident narrative.


IX. Short Evidence Note for Attachment Captioning

I have captioned each exhibit like this:

  • Exhibit A: ***** ***** Bank login security-check screen encountered on March 19, 2026 at approximately 3:47 PM.
  • Exhibit B: ***** ***** Bank User ID recovery screen reflecting account User ID returned by the system.
  • Exhibit C: ***** ***** Bank password-reset / create-password screen used to regain account access.
  • Exhibit D: ***** ***** Bank alerts screen reflecting credential-recovery related alerts on March 19, 2026.
  • Exhibit E: Official ***** ***** Bank email dated March 6, 2026 stating “Your User ID Has Been Changed.”
  • Exhibit F: Official ***** ***** Bank email dated March 6, 2026 stating “Password Changed,” with change timestamp shown as March 6, 2026 at 12:56 AM EST; it should have been 11:56 PM.














