The cybercrime gang Sp1d3r is reportedly selling sensitive information on 65,000 employees of Truist Bank.
This major U.S. commercial bank, established in 2019 from the merger of SunTrust Banks and BB&T, holds $535 billion in assets under management and provides a wide range of services, including consumer banking, commercial banking, corporate and investment banking, insurance, wealth management, and payment services.
The data, taken in a breach that reportedly occurred in October 2023, includes detailed information such as bank transactions with names, account numbers, balances, and the IVR funds transfer source code. The asking price for this data has been set at $1 million. Although the breach occurred months ago, Truist confirmed it only recently, after the data was put up for sale by Sp1d3r.
A spokesperson for Truist explained, “In October 2023, we experienced a cybersecurity incident that was quickly contained. In partnership with outside security consultants, we conducted a thorough investigation, took additional measures to secure our systems, and notified a small number of clients last Fall.” This statement highlights the bank’s efforts to manage the breach and secure its systems, though the delayed public acknowledgment raises questions about transparency and response protocols.
Sp1d3r is no stranger to high-profile data breaches. Previously, the group was involved in selling data on 358,000 employees of Advance Auto Parts and 380 million customer profiles for $1.5 million. Additionally, they offered 34 million emails and other personally identifiable information (PII) from cybersecurity firm Cylance for $750,000. This history of large-scale data breaches by Sp1d3r underscores the group’s capabilities and the significant threat they pose to various industries.
Speculation initially arose that the Truist breach might involve data storage provider Snowflake, similar to the Advance Auto Parts incident. However, Truist’s spokesperson clarified, “To be clear, we have found no evidence of a Snowflake incident at our company.” This statement aims to dispel any connection between the two incidents and reassure stakeholders of the security measures in place.
The implications of this breach are profound, especially for the affected employees whose personal and financial information is now vulnerable. The incident also raises broader concerns about the cybersecurity measures of large financial institutions and their ability to protect sensitive data. As cyber threats continue to evolve, the need for robust security protocols and swift, transparent responses to breaches becomes increasingly critical.
From a broader perspective, this incident serves as a stark reminder of the persistent and evolving threat of cybercrime. Financial institutions, entrusted with vast amounts of sensitive data, must prioritize cybersecurity to safeguard their clients and maintain public trust. The effectiveness of these measures is crucial not only for the protection of individual data but also for the stability and integrity of the financial system as a whole.