The SP1D3R cybercriminal gang continues to make headlines, this time by selling sensitive data of thousands of Truist Bank employees.
Truist Bank is a large American commercial bank formed in late 2019 through the merger of SunTrust Banks and BB&T, and manages $535 billion in assets under management (AUM). The bank offers a wide range of banking services, from consumer and small business banking, to commercial, corporate, and investment banking, as well as insurance, wealth management, and payment services.
SP1D3R claims to have stolen information on 65,000 employees, including bank transaction data with names, account numbers, balances, and the source code for IVR fund transfers. The asking price is $1 million.
The breach apparently occurred in October 2023, but Truist only confirmed it now, after the data went up for sale.
"In October 2023, we experienced a cybersecurity incident that was quickly contained," a Truist Bank spokesperson told BleepingComputer. "Working with external security consultants, we conducted a thorough investigation, took additional measures to protect our systems, and notified a small number of customers last fall."
For those unfamiliar with the name Sp1d3r, it's a threat actor that recently sold sensitive data on 358,000 employees of the major American automotive company Advance Auto Parts, as well as 380 million customer profiles and a wealth of other information. The asking price was $1.5 million.
SP1D3R was also seen selling 34 million emails and other personally identifiable information (PII) belonging to customers, employees, and partners of cybersecurity giant Cylance for $750,000.
Since SP1D3R's breach of Advance Auto Parts occurred through data storage provider Snowflake, media outlets speculated that the same could have happened here. However, a Truist spokesperson confirmed that this had nothing to do with Snowflake.
“To be clear, we have found no evidence of a Snowflake-related incident at our company.”
Copyright @2023 Leonardo Network Srl VAT IT01749180533. All Rights Reserved.
