Truist Bank Data Breach: Cyberattack Confirmed, Hacker Selling Employee Data

Truist Bank, one of the top 10 commercial banks in the US, has confirmed a data breach resulting from a cyberattack in October 2023. The breach was brought to light when a threat actor, known as Sp1d3r, posted the bank’s data for sale on a hacking forum. The data being sold includes information on 65,000 employees, bank transactions, account details, and even the source code for Truist’s IVR system.

Truist Bank, formed from the merger of SunTrust Banks and BB&T in 2019, has assured that the breach was quickly contained and investigated with the help of external security consultants. Additional security measures have been implemented, and affected clients have been notified. The bank has emphasized that the breach is not related to the ongoing Snowflake attacks and no evidence of a Snowflake-related incident was found.

In addition to Truist Bank, the hacker is also selling data from cybersecurity company Cylance and Advance Auto Parts, which was previously stolen from their Snowflake accounts. Cylance has confirmed the breach, stating that the data is from a third-party platform dating back to 2015-2018.

Truist Bank is actively collaborating with law enforcement and cybersecurity experts to safeguard its systems and data. The investigation is ongoing, and there are currently no indications of fraud resulting from the breach. The bank continues to prioritize the security and privacy of its clients amidst this cyber threat.

Stay tuned for further updates on this developing story.