Truist Bank confirms data breach after stolen data appears online

Zero-day attack
(Image credit: Shutterstock) (Image credit: Shutterstock.com)

The Sp1d3r cybercrime gang is making quite a name for itself as it is now selling sensitive data on thousands of Truist banking employees.

Truist is a major US commercial bank formed in late 2019 after SunTrust Banks and BB&T merged, and now has $535 billion AUM (assets under management). It offers different banking services, from consumer and small business banking, commercial banking, corporate and investment banking, to insurance, wealth management, and payments.

Sp1d3r says they stole information on 65,000 employees, including bank transactions with names, account numbers, balances, and IVR funds transfer source code. The going price is $1 million.

No connection to Snowflake

The breach apparently happened in October 2023, but Truist only confirmed it now, once data went on sale. 

"In October 2023, we experienced a cybersecurity incident that was quickly contained," a Truist Bank spokesperson told BleepingComputer. "In partnership with outside security consultants, we conducted a thorough investigation, took additional measures to secure our systems, and notified a small number of clients last Fall.

For those unfamiliar with the name Sp1d3r, it is a threat actor that was recently selling sensitive data on 358,000 employees of top American carmaker Advance Auto Parts, as well as 380 million customer profiles, and plenty of other information. The going price was $1.5 million.

Sp1d3r was also seen selling 34 million emails and other personally identifiable information (PII) belonging to customers, employees, and partners, of cybersecurity giant Cylance, for $750,000.

Since Sp1d3r’s breach of Advance Auto Parts happened through data storage provider Snowflake, the media speculated the same might be the case here. However, the Truist spokesperson confirmed this had nothing to do with Snowflake.

“To be clear, we have found no evidence of a Snowflake incident at our company."

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.