Subj : Truist Bank confirms data breach after stolen data appears online
To   : All
From : TechnologyDaily
Date : Fri Jun 14 2024 19:45:05

Truist Bank confirms data breach after stolen data appears online

Date:
Fri, 14 Jun 2024 18:38:46 +0000

Description:
Sp1d3r is back with another bank attack, and is demanding $1 million this 
time.

FULL STORY
======================================================================

The Sp1d3r cybercrime gang is making quite a name for itself as it is now 
selling sensitive data on thousands of Truist banking employees. 

Truist is a major US commercial bank formed in late 2019 after SunTrust Banks 
and BB&T merged, and now has $535 billion AUM (assets under management). It 
offers different banking services, from consumer and small business banking, 
commercial banking, corporate and investment banking, to insurance, wealth 
management, and payments. 

Sp1d3r says they stole information on 65,000 employees, including bank 
transactions with names, account numbers, balances, and IVR funds transfer 
source code. The going price is $1 million. No connection to Snowflake 

The breach apparently happened in October 2023, but Truist only confirmed it 
now, once data went on sale. 

"In October 2023, we experienced a cybersecurity incident that was quickly 
contained," a Truist Bank spokesperson told BleepingComputer . "In 
partnership with outside security consultants, we conducted a thorough 
investigation, took additional measures to secure our systems, and notified a 
small number of clients last Fall. 

For those unfamiliar with the name Sp1d3r, it is a threat actor that was 
recently selling sensitive data on 358,000 employees of top American carmaker 
Advance Auto Parts, as well as 380 million customer profiles, and plenty of 
other information. The going price was $1.5 million. 

Sp1d3r was also seen selling 34 million emails and other personally 
identifiable information (PII) belonging to customers, employees, and 
partners, of cybersecurity giant Cylance, for $750,000. 

Since Sp1d3rs breach of Advance Auto Parts happened through data storage 
provider Snowflake, the media speculated the same might be the case here. 
However, the Truist spokesperson confirmed this had nothing to do with 
Snowflake. 

To be clear, we have found no evidence of a Snowflake incident at our 
company." More from TechRadar Pro Top carmaker Advance Auto Parts confirms 
stolen data for sale following Snowflake attack Here's a list of the best 
firewalls today These are the best endpoint protection tools right now



======================================================================
Link to news story:
https://www.techradar.com/pro/security/truist-bank-confirms-data-breach-after-
stolen-data-appears-online


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)

.