Truist Bank, one of the leading US-based commercial banks, confirmed that a threat actor had compromised its systems after the alleged data breach in October last year. According to reports, the attacker leaked part of the company’s data for sale on a hacking forum.
This incident could cause various disruptions and concerns since the affected entity is now a top 10 commercial bank with $535 billion in assets. Moreover, this financial institution provides multiple services, such as consumer and small business banking, corporate and commercial banking, investment banking, wealth management, insurance, and payments.
The Sp1der threat group is the purported attack that compromised Truist Bank.
According to an investigation, a threat actor known as Sp1d3r is selling what they claim to be stolen data from Truist Bank, including information about 65,000 employees, for $1 million.
As of now, this is the only investigation that claims such incidents, as other researchers have yet to verify these claims independently. The initial report revealed the leaked data, which included bank transactions with names, account numbers, amounts, and even IVR money transfer source codes.
On the other hand, the bank has collaborated with a third-party service provider to aid them with the ongoing investigation. They also took additional measures to secure their systems and alerted several clients last year.
The bank was contacted to inquire whether the cybersecurity incident was related to the Snowflake campaigns. However, a bank representative stated that it was unrelated, and their investigation found no evidence of a Snowflake attack in their firm.
Furthermore, the bank assured everyone that they had yet to find evidence of cybercriminal activities, such as fraud, using leaked information.
Currently, the Truist Bank attacker also sells stolen data from cybersecurity business Cylance for $750,000. The data includes databases supposedly containing 34 million customer and employee emails and PII belonging to Cylance customers, partners, and employees.
Cylance nodded to the validity of their claims, but they noted that the offered data is an old database from 2015-2018 that hackers acquired from its third-party platform.
Truist Bank employees and other related parties should be mindful of their digital and banking presence right now due to the severity of the leak and the information included that might fall into the wrong hands.
