Attacks/Breaches

4/20/2018
05:39 PM
100%
0%

SunTrust Ex-Employee May Have Stolen Data on 1.5 Million Bank Clients

Names, addresses, phone numbers, account balances, may have been exposed.

SunTrust Bank said a former employee may have stolen names, addresses, phone numbers, and account balances of some 1.5 million of its clients. 

The employee tried to download the client contact information six- to eight weeks ago in an attempt to provide the data to a criminal from outside the organization, Reuters reports.

SunTrust CEO William Rogers in an earnings call said there was no indication of fraudulant activity using the client information, and it appears the data had not been sent outside the bank.

The bank is now offering free identity protection services to all of its customers for the "potential data threat," according to a press announcement from SunTrust. 

"The company became aware of potential theft by a former employee of information from some of its contact lists. Although the investigation is ongoing, SunTrust is proactively notifying approximately 1.5 million clients that certain information, such as name, address, phone number and certain account balances may have been exposed," the bank said in a press statement. "The contact lists did not include personally identifying information, such as social security number, account number, PIN, User ID, password, or driver's license information. SunTrust is also working with outside experts and coordinating with law enforcement."

Read more here  and here.

Interop ITX 2018

Join Dark Reading LIVE for two cybersecurity summits at Interop ITX. Learn from the industry’s most knowledgeable IT security experts. Check out the security track here. Register with Promo Code DR200 and save $200.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
4/26/2018 | 6:41:13 AM
Re: Reputation of SunTrust
Agree - but one very real byproduct under any condition is that the IT staffers feel abused and treated with zero respect.  Ego?  SunTrust has zero respect for IT under any condition.  Now this is speculatoin of course - could be just a bad apple all around.  That happens too.  
BrianN060
50%
50%
BrianN060,
User Rank: Ninja
4/23/2018 | 1:40:27 PM
Re: Reputation of SunTrust
@REISEN: You're right, if you're saying that US-based outsourcing isn't necessarily an appropriate, safe or effective solution, for the outsourcing company or the country; but neither is an in-house IT department - in all cases.  My point is that offshoring invariably creates Information System vulnerabilities which outweigh perceived cost savings; and that the loss of US jobs (and the incentive to train our people to fill those jobs), is detrimental.  You're wrong if you think the choice of terms, outsourcing or offshoring, is irrelevant. 
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
4/23/2018 | 12:55:15 PM
Re: Reputation of SunTrust
Call it whatever you want - yes outsourcing can be internal USA such as to IBM of course.  But it shows a lack of respect for good It management and protocols.  I spent 8 months at a local site supporting 45 users who had their IT support "off-shored" to Wipro and it was a disaster.  Also local WiPro protocols were horrible too.  It was an uphill battle.  Management had zero, repeat, zero respect for IT until this disaster began to hit.  SunTrust does not by indication respect it either.    I am not surprised by this article. 
BrianN060
50%
50%
BrianN060,
User Rank: Ninja
4/23/2018 | 10:58:51 AM
Re: Reputation of SunTrust
Calling it "outsourcing" when what they're doing is "offshoring" has been a rhetorical smokescreen for decades.  Using the inherent ambiguity of language to imply something is less objectionable, by inclusion within a broader definition, is common practice.  Yes, offshoring is a form of outsourcing; but ramifications for security and the economy for the former are dramatically different than for outsourcing which is kept within one jurisdiction and symbiotic economy.  Outsourcing to a company which offshores any of its work is at least as troubling, and much more insidious. 

Those who understand the risks and negative consequences of offshoring shouldn't make it any easier for those who want to obscure their use of the practice, by calling it outsourcing
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
4/23/2018 | 8:14:56 AM
Reputation of SunTrust
Look this one up on Google for outsourcing --- they LOVE to fire American workers and send jobs to India.  Big stink a few years ago when staffers were required, of course, to train replacements and also sign non-disclosure statements.  They back-tracked the latter part but still their IT is all Bangalore based and thus horrible.  So this action is NOT a surprise at all.  You get what you pay for. 
Crowdsourced vs. Traditional Pen Testing
Alex Haynes, Chief Information Security Officer, CDL,  3/19/2019
BEC Scammer Pleads Guilty
Dark Reading Staff 3/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
The State of Cyber Security Incident Response
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-10016
PUBLISHED: 2019-03-25
GForge Advanced Server 6.4.4 allows XSS via the commonsearch.php words parameter, as demonstrated by a snippet/search/?words= substring.
CVE-2019-10018
PUBLISHED: 2019-03-25
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case.
CVE-2019-10019
PUBLISHED: 2019-03-25
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripes.
CVE-2019-10020
PUBLISHED: 2019-03-25
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for x Bresenham parameters.
CVE-2019-10021
PUBLISHED: 2019-03-25
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nComps.