Hackers breach of Truist Bank, but claims of Snowflake breach are denied

Truist Bank has apparently fallen victim to a data breach, with sensitive client and employee information listed for sale on a dark web forum.

The breach has been attributed to a threat actor known as Sp1d3r, who claims the data was obtained through the Snowflake breach. The compromised data includes:

• Employee details: Information of 65,000 employees.
• Bank transactions: Names, account numbers, balances.
• Source code: IVR (Interactive Voice Response) funds transfer system.

The threat actor is reportedly selling the data for $1 million, with contact details for purchase provided on the dark web post. So far the Bank has not commented on the claims.

Update - As of 14th of June 2024, Truist Bank has confirmed a data breach that ocurred in an October 2023 cyberattack. Truist, headquartered in Charlotte, North Carolina is a U.S. commercial bank that provides services in various sectors including consumer and small business banking, commercial banking, corporate and investment banking, insurance, wealth management, and payments.

Truist confirmed the breach and stated it was quickly contained. The bank collaborated with external security consultants to investigate and secure its systems. A spokesperson for Truist clarified that the breach is not connected to the ongoing Snowflake attacks.