Truist Bank, a prominent U.S. commercial bank formed from the merger of SunTrust Banks and BB&T, has acknowledged a cybersecurity breach originating in October 2023. The breach exposed sensitive information, including employee details and transaction data, which subsequently surfaced for sale on a hacking forum. The compromised data includes names, account numbers, balances, and source code related to Truist’s Interactive Voice Response (IVR) system used for fund transfers.
The incident highlights ongoing vulnerabilities faced by financial institutions to sophisticated cyber threats. Truist Bank swiftly contained the breach upon discovery and has launched a comprehensive investigation in collaboration with cybersecurity experts and law enforcement agencies. Despite their efforts, the bank has confirmed that approximately 65,000 employees were affected by the breach.
In a statement to BleepingComputer, a Truist Bank spokesperson clarified that there is no current evidence linking this breach to the recent Snowflake attacks. They reassured clients that no instances of fraud have been reported from the compromised data. Truist continues to monitor the situation closely and has expanded client notifications based on new findings uncovered during the investigation.
This breach underscores the critical need for robust cybersecurity measures to protect sensitive financial data. Truist Bank remains committed to enhancing its security protocols to safeguard customer information against future cyber threats. As investigations progress, stakeholders are advised to remain vigilant and take proactive steps to secure their personal and financial information in an increasingly digital environment.
Reference:
