BlogNews13TH JUN 2024
AuthorSamir Yawar
3 min read
News

Truist Bank Breach: US Bank confirms Cybersecurity Incident

Twitter
Facebook
WhatsApp
Email
LinkedIn
blog image for Truist bank breach news
BlogNews13TH JUN 2024
3 min read
News

Truist Bank Breach: US Bank confirms Cybersecurity Incident

AuthorSamir Yawar
Twitter
Facebook
WhatsApp
Email
LinkedIn
blog image for Truist bank breach news

Truist, a leading U.S. commercial bank, has confirmed that its systems were compromised during a cyberattack in October 2023. This confirmation follows a threat actor's claim on a hacking forum, where they posted some of the bank's data for sale.

Truist Bank, headquartered in Charlotte, North Carolina, was established through the merger of SunTrust Banks and BB&T (Branch Banking and Trust Company) in December 2019. As one of the top 10 commercial banks in the U.S., Truist holds total assets of $535 billion and offers a variety of services, including consumer and small business banking, commercial banking, corporate and investment banking, insurance, wealth management, and payment services.

Truist Bank breach explained

The cybercriminal, identified as Sp1d3r, is reportedly selling stolen data that includes information on 65,000 employees for $1 million. This was initially reported by DarkTower intelligence analyst James Hub.

The data allegedly includes bank transactions, account details, balances, and IVR funds transfer source code.


Truist Bank responds to cybersecurity incident

A spokesperson from Truist Bank disclosed

In October 2023, we experienced a cybersecurity incident that was quickly contained. In collaboration with external security consultants, we conducted a thorough investigation, enhanced our system security, and notified a small number of clients last Fall."

When asked if the breach was related to the ongoing Snowflake attacks, the spokesperson clarified, "This incident is not linked to Snowflake. We have found no evidence of a Snowflake-related incident at our company."

details of the data stolen as part of Truist bank breach
Data stolen as part of Truist Bank breach | Source: Milshakebot

The spokesperson added, "We regularly cooperate with law enforcement and external cybersecurity experts to protect our systems and data. Based on new information from the ongoing investigation of the October 2023 incident, we have notified additional clients. So far, we have found no indication of fraud resulting from this incident."

More data stolen by the same threat actor

In addition to Truist, the same threat actor is selling data allegedly stolen from cybersecurity firm Cylance for $750,000. This data reportedly includes databases with 34 million customer and employee emails and personally identifiable information.

Cylance has confirmed the authenticity of the data, stating it is from 2015-2018 and was stolen from a third-party platform.

Previously, Sp1d3r also listed 3TB of data stolen from automotive aftermarket parts provider Advance Auto Parts on the same hacking forum, which was taken after breaching Advance’s Snowflake account.

Samir Yawar
Samir Yawar / Content Lead
Samir wants a world where people can instinctively whack online scams and feel accomplished without the need for psychic powers. As an ISC2 member, he is doing his bit to turn cybersecurity awareness training into a fun concept with simple, approachable and accessible content. Reach out to him at X @yawarsamir
FAQsFrequently Asked Questions
Money is a central element in data breaches because cybercriminals often target financial information. Stolen data, such as credit card numbers, bank account details, or personal identification, can be monetized through various means, including selling on the dark web, fraudulent transactions, or identity theft.
Information at risk in a data breach can include personal details (names, addresses, social security numbers), financial information (credit card numbers, bank account details), login credentials, medical records, and other sensitive data. The severity of the breach depends on the type and amount of information compromised.