June 17th – One of the top 10 largest commercial banks in the United States, Truist Bank, has confirmed that its systems were breached in a cyber attack. The incident is concerning in that an unauthorized party gained access to sensitive data and has since attempted to sell it on the dark web.

It’s all in the details…

The threat actor, known as “Sp1d3r” has bragged about stealing data belonging to over 65,000 Truist employees and listing it for sale with a million-dollar price tag. The data trove is believed to contain sensitive information, such as employees’ personal details, bank transaction records showing account numbers and balances, as well as source code related to Truist’s automated phone banking system.

Truist’s response

While Truist stated that it quickly contained the incident after discovering it, the bank has now been forced to notify additional customers whose information may have been compromised. At present, Truist maintains that there is no evidence of fraud stemming from the breach.

Lessons learned

For CxOs, the Truist cyber attack underscores the critical importance of robust cyber security practices and incident response plans. Even large enterprises with substantial resources can become victims of sophisticated cyber schemes.

The consequences of such attacks can be severe – from compliance penalties and legal issues to immense reputational damage that ultimately erodes customer trust. CxOs must make cyber security a top priority, allocating sufficient budget, training staff, implementing layered security, and maintaining effective breach communication protocols.

For more on the Truist story, click here. Lastly, to receive cyber security thought leadership articles, groundbreaking research and emerging threat analyses each week, subscribe to the CyberTalk.org newsletter.