[BreachExchange] SunTrust employee may have tried to steal data from 1.5 million customers

Audrey McNeil audrey at riskbasedsecurity.com
Fri Apr 20 20:25:11 EDT 2018


https://www.msn.com/en-us/finance/news/suntrust-employee-may-have-tried-to-
steal-data-from-15-million-customers/ar-AAw6Npl

SunTrust says a former employee may have stolen about 1.5 million
customers' data and shared it with a "criminal third party."

Chairman and CEO William Rogers Jr. made the announcement Friday as the
regional bank released its quarterly earnings.

Rogers said the former employee tried to print the customer data. The
information included names and account balances, but not Social Security
numbers, account numbers or passwords.

The bank has not identified "significant fraudulent activity" on the
accounts, Rogers said. It notified customers who were affected.

SunTrust became aware of the matter at the end of February and immediately
opened an investigation and asked outside experts to help, said
spokesperson Sue Mallino.

Last week, SunTrust "learned of the likelihood of printing the information
for use outside of SunTrust," she said. The bank did not identify or
elaborate on the criminal third party. It is working with law enforcement.

SunTrust announced Friday that it would offer a free identify protection
service to all current and new customers to address the "potential data
threat and broader risk environment."

SunTrust is working with the credit reporting agency Experian on the
program, which includes credit monitoring, annual credit reports and
identify theft insurance.

"We apologize to clients who may have been affected by this. We have
heightened our monitoring of accounts and increased other security
measures," Rogers said in a statement. "Ensuring personal information
security is fundamental to our purpose as a company of advancing financial
well-being."

SunTrust is the 12th-largest US commercial bank by assets, according to the
Federal Reserve. The bank manages $205 billion in assets and has 1,236
branches.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180420/1e4600ab/attachment.html>


More information about the BreachExchange mailing list