One of the largest banks in the US says it has suffered a security breach as a notorious hacker claims sensitive data on thousands of account holders is now for sale.
North Carolina-based lender Truist Bank just confirmed its systems were breached in October, reports tech news site Bleeping Computer.
The confirmation comes after the hacker pseudonymously known as Sp1d3r claimed it’s selling a trove of data from the bank containing 65,000 account holders’ names, bank account numbers, transaction history and balances for a fee of $1 million.
Sp1d3r says it’s selling data on employees who held accounts at the bank, however at time of publishing the bank has only confirmed that an unspecified but limited number of “clients” were affected.
Says a Truist Bank spokesperson to Bleeping Computer,
“In October 2023, we experienced a cybersecurity incident that was quickly contained.
In partnership with outside security consultants, we conducted a thorough investigation, took additional measures to secure our systems, and notified a small number of clients last fall.”
The data dump also includes the source code for Truist Bank’s interactive voice response (IVR), an automated system that allows callers to access information by following a set of pre-recorded messages.
The bank says it has not yet detected fraud cases due to the data breach.
“We regularly work with law enforcement and outside cybersecurity experts to help protect our systems and data.
Based on new information from the ongoing investigation of the October 2023 incident, we have notified additional clients. We have found no indication of fraud arising from this incident at this time.”
Truist Bank is a leading chartered commercial bank in the US with $526.714 billion in consolidated assets, according to Federal Reserve data.
Don't Miss a Beat – Subscribe to get email alerts delivered directly to your inboxGenerated Image: Midjourney