Truist Bank, a premier U.S. commercial bank headquartered in Charlotte, North Carolina, has confirmed its systems were breached in a cyberattack in 2023.
The data breach became impossible to ignore after a threat actor published some of the data stolen from the bank on a cybercrime forum. The bank, founded from the merger of BB&T and SunTrust Bank in December 2019, is currently a top-10 commercial bank with assets totaling $535 billion.
Sp1d3r, the threat actor responsible for the leak, is allegedly selling stolen data including private info of approximately 65,000 employees, at an asking price of $1 million for the bulk of it.
The perpetrator claims the data dump also contains bank transactions with names, account numbers, balances, and IVR funds transfer source code. However, the claims couldn’t be verified.
BleepingComputer cited a Truist Bank representative as saying: "In October 2023, we experienced a cybersecurity incident that was quickly contained. In partnership with outside security consultants, we conducted a thorough investigation, took additional measures to secure our systems, and notified a small number of clients last Fall.”
The spokesperson also said the bank has notified additional clients based on new information unveiled by the investigation. Furthermore, the bank has reportedly found no evidence of fraud resulting from the incident.
Although good cyber hygiene can help mitigate the risk of data leaks, data breaches can occur unexpectedly and indiscriminately despite stringent preventive efforts. Consequently, instead of solely relying on preventive strategies, it may be necessary to manage the aftermath. In such situations, specialized software can prove invaluable.
Bitdefender Digital Identity Protection, for instance, provides an extensive overview of your online data, including traces of data from no longer-used services. It lets you check the extent of your digital footprint, notifies you of data breaches involving your data, and instantly patches weak points in your online presence.
tags
Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.
View all postsDecember 24, 2024
December 19, 2024
November 14, 2024