[BreachExchange] Financial services firm First Horizon suffers data breach with customer funds stolen

[Destry Winant]

https://siliconangle.com/2021/04/28/financial-services-firm-first-horizon-suffers-data-breach-customer-funds-stolen/

Financial services company First Horizon Corp. has suffered a data breach
that saw customer accounts accessed and funds stolen.

Disclosed in a filing today with the U.S. Securities and Exchange
Commission, the data breach is described as involving an authorized third
party obtaining login credentials from an unknown source and then
attempting to access customer accounts. The third party then gained access
to fewer than 200 online customer bank accounts, had access to personal
information in those accounts and then fraudulently obtained an amount of
less than $1 million from those accounts.

While not disclosing the exact method of the attack, First Horizon then
said it remediated a software vulnerability, suggesting the attack involved
exploiting unpatched software used by the bank.

Along with resetting passwords, the bank has reimbursed the stolen funds
and notified regulators and law enforcement.

“Attackers are adept at finding the weakest link,” Robert Haynes, software
composition analyst and open-source evangelist at application security
testing firm Checkmarx Ltd., told SiliconANGLE. “This is most frequently a
human, and often results in phishing or spear-phishing attacks against IT
staff, as their credentials are the most useful to an attacker.”

Haynes noted that attackers also exploit vulnerable technology, often in
conjunction with illicit credentials they may have obtained. In the case of
First Horizon’s data breach, he added, it may have involved third-party
software ranging from a virtual private network or software libraries
providing onetime passcodes.

“Whatever the mechanism of compromise used here, it’s another reminder that
all organizations, but especially financial services organizations, need to
consider the totality of their attack surface area, from the email security
of the most senior company officer down to the smallest software library
used in their applications,” Haynes said.

Alexa Slinger, identity management expert at identity and access management
provider OneLogin Inc., noted that financial institutions must work with a
trusted access management provider to put guardrails and safety measures in
place for their consumer identities and data, as well as have a crisis
management and recovery process ready. “This breach also highlights the
need for consumers to be educated on and have access to a form of
two-factor authentication to act as an additional layer of security when
their credentials are compromised,” she said.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20210430/f3e19fae/attachment.html>