Atlanta-based regional bank SunTrust issued a formal statement on Friday, April 20th notifying 1.5 Million customers that their personal data may have been compromised in a data breach orchestrated by a now-former employee.
The announcement came during an earnings call when CEO William Rogers said the employee had worked with an outside third party to steal client contact lists. The data included customer names, addresses, phone numbers and account balances. The data did not include social security numbers, account numbers, user IDs, passwords or associated driver’s license information.
Initially, the bank became aware of an attempted data breach by the employee in late February when the employee attempted to download client information. This triggered an internal investigation, which eventually lead to last week’s public announcement. They believe the employee may have printed the information with the intention of sharing it outside the bank.
At this time, SunTrust is working with law enforcement and is declining to provide any additional detail or make any further comments about the ongoing investigation. The bank has begun to notify individual customers whose data may have been stolen; as well as, offering free identity protection service to all of their customers.
Mr. Rogers said in a statement, “Ensuring personal information security is fundamental to our purpose as a company of advancing financial well-being. We apologize to clients who may have been affected by this.”
If you are a SunTrust banking customer, SunTrust if offering Experian’s IDnotify service free of charge. Visit https://www.suntrust.com/identity-protection to sign up.
Defending yourself and your bank against cybercrime requires a mutli-layered, proactive approach. Threats come in many forms and with many malicious intentions. Safe Systems provides community banks and credit unions with innovative security solutions and tactics to help you stay a step ahead of cybercriminals.