A few customers fell for a scam and gave their online banking login and password to a criminal. The criminal used the customer's password to access their OLB and issued bill payment checks. I see this as account takeover and bill pay fraud. Initially I did not think this was a cyber event since our customer gave out their password. I have a lot of IP addresses. When I read the definitions, it looks like I should report?

Cyber-Event: An attempt to compromise or gain unauthorized electronic access to electronic systems, services, resources, or information.

Cyber-Enabled Crime: Illegal activities (e.g., fraud, money laundering, identity theft) carried out or facilitated by electronic systems and devices, such as networks and computers.

Cyber-Related Information: Information that describes technical details of electronic activity and behavior, such as IP addresses, timestamps, and Indicators of Compromise (IOCs). Cyber-related information also includes, but is not limited to, data regarding the digital footprint of individuals and their behavior.

Should I mark this?
42 Cyber Event - b - Against Financial Institution Customer(s)

44 - Event Type - Would I pick Command and control IP address is one option. Would the event value be the amount of possible activity?

57 - Legal name of FI - I listed the entities where the bill payments were sent.

4 & 5 - Listed the payee on the bill payments.

24 - Relationship of the subject to an institution. Left this section blank.