Malware
Truist Bank Admits Security Breach as Stolen Data Surfaces on Hacking Forum: Protect Your Finances Now
Truist Bank has confirmed a data breach after stolen customer information appeared on a hacking forum. The breach, linked to the Accellion FTA vulnerability, exposed data including names, addresses, and Social Security numbers. Truist is offering free identity protection services to affected customers and has implemented additional security measures to prevent future incidents.
Imagine waking up one morning to find your bank account emptied, and you have no idea how it happened. That’s the nightmare scenario many face as cyberattacks on financial institutions become more commonplace. One such attack happened to Truist Bank, a leading U.S. commercial bank, in October 2023. This week, the bank confirmed the breach after a threat actor posted some of the company’s data for sale on a hacking forum.
A Bit of Background on Truist Bank
Headquartered in Charlotte, North Carolina, Truist Bank emerged in December 2019 from the merger of SunTrust Banks and BB&T (Branch Banking and Trust Company). Today, as a top-10 commercial bank with total assets of $535 billion, Truist offers a wide range of services, including consumer and small business banking, commercial banking, corporate and investment banking, insurance, wealth management, and payments.
What’s at Stake and How Much?
A threat actor, known as Sp1d3r, is selling what they claim is stolen data containing information belonging to 65,000 employees for a whopping $1 million. The data also allegedly contains bank transactions with names, account numbers, balances, and source code for Truist Bank’s Interactive Voice Response (IVR) automated phone system for transferring funds. This was first spotted by DarkTower intelligence analyst James Hub.
While we couldn’t independently verify these claims, it’s concerning for both the bank and its customers. A spokesperson for Truist Bank acknowledged the incident, stating, “In October 2023, we experienced a cybersecurity incident that was quickly contained.”
Truist Bank’s Response
Truist Bank worked with outside security consultants to conduct a thorough investigation, secure their systems, and notify a small number of clients last Fall. They also regularly work with law enforcement and cybersecurity experts to help protect their systems and data. The spokesperson added, “Based on new information from the ongoing investigation of the October 2023 incident, we have notified additional clients. We have found no indication of fraud arising from this incident at this time.”
It’s worth noting that the same threat actor, Sp1d3r, is also selling data stolen from cybersecurity company Cylance for $750,000, and they previously put up for sale 3TB of data belonging to automotive aftermarket parts provider Advance Auto Parts.
Why Should You Care?
As a consumer, it’s essential to be aware of the risks associated with financial institutions and take steps to protect your sensitive information. Cyberattacks can lead to identity theft, financial loss, and emotional distress. If your bank or financial institution experiences a breach, be proactive, and monitor your accounts for any suspicious activity.
How Can We Help?
Here at IT Services, we understand the importance of cybersecurity and the potential risks associated with cyberattacks. That’s why we’re dedicated to providing you with the latest information and helping you stay informed and prepared. We encourage you to contact us to learn more about our services, and keep coming back to stay updated on the latest cybersecurity news.