The North Carolina-based commercial bank recently confirmed a large data breach.
What happened
Truist Bank, a top 10 commercial bank in the US, recently confirmed that its network was breached in October 2023.
The confirmation follows a malicious actor, known as Sp1d3r, posting some of Truist’s data on an online hacking forum. The actor claimed to be selling data of 65,000 employees for $1 million. The data allegedly contained information such as bank account numbers, balances, and source code for Truist Bank’s Interactive Voice Response (IVR) phone system used for transferring funds.
In a statement to BleepingComputer, a Truist spokesperson shared, “In October 2023, we experienced a cybersecurity incident that was quickly contained…In partnership with outside security consultants, we conducted a thorough investigation, took additional measures to secure our systems, and notified a small number of clients last Fall.”
The bank shared that they worked with law enforcement and an outside cybersecurity team to ensure the system and data were protected. Currently, they do not believe that any fraud events have occurred as a result.
Going deeper
The breach follows the devastating Snowflake breach that allegedly impacted 165 customers of the cloud-based data platform. The breach affected a range of companies, from Ticketmaster to Advance Auto Parts and banking organization Santander.
In Truist’s statement, they made clear that the Snowflake incident was unrelated to the breach they faced.
Sp1d3r does have a history of impacting organizations. In fact, the company previously put up for sale 3TB of data belonging to Advance Auto Parts, a company also impacted by the Snowflake breach.
Little is currently known about Sp1d3r, albeit it is also currently selling stolen data from cybersecurity company Cylance for $750,000.
Despite Truist data seemingly safe for now, customers are advised to keep an eye on their account activity. Impacted customers are also being offered identity protection services.
Why it matters
Cases like these show how a data breach can continue to impact a company long after the breach initially occurred. While Truist investigated the incident and notified impacted customers, data still found its way to the dark web.
While Sp1d3r claims to have the data, it’s important for customers not to remain skeptical; it’s fairly common for ransomware organizations to lie about the data they hold in an attempt to extort companies. Unfortunately, it is difficult to know if Sp1d3r has the data and if they will be able to successfully sell it.
The big picture
Data breaches continue to impact companies at an exponential rate. While healthcare is one of the most heavily targeted industries, financial and banking institutions are also frequently sought out because of the private and valuable data they may hold.
While it’s unclear how Truist was breached, many breaches are preventable with the right tools and technology. Services like Paubox are critical to ensuring that employees are safely handling data and are protected against spoofing and phishing attempts.
Related: HIPAA Compliant Email: The Definitive Guide
Abby Grifno
