On Wednesday June 12, 2024, a well-known dark web data broker and cybercriminal acting under the name "Sp1d3r" offered a significant amount of data allegedly stolen from Truist Bank for sale.
Truist is a US bank holding company and operates 2,781 branches in 15 states and Washington DC. By assets, it is in the top 10 of US banks. In 2020, Truist provided financial services to about 12 million consumer households.
The online handle of the seller immediately raised the suspicion that this was yet another Snowflake related data breach.
Post by Sp1d3r on breach forum
The post also mentions Suntrust bank because Truist Bank arose after SunTrust Banks and BB&T (Branch Banking and Trust Company) merged in December 2019.
For the price of $1,000,000, other cybercriminals can allegedly get their hands on:
IVR is a technology that allows telephone users to interact with a computer-operated telephone system through the use of voice and Dual-tone multi-frequency signaling (DTMF aka Touch-Tone) tones input with a keypad. Access to the source code may enable criminals to find security vulnerabilities they can abuse.
Given the source and the location where the data were offered, we decided at the time to keep an eye on things but not actively report on it. But now a spokesperson for Truist Bank told BleepingComputer:
> “In October 2023, we experienced a cybersecurity incident that was quickly contained."
Further, the spokesperson stated that after an investigation, the bank notified a small number of clients and denied any connection with Snowflake.
> "That incident is not linked to Snowflake. To be clear, we have found no evidence of a Snowflake incident at our company."
But the bank disclosed that based on new information that came up during the investigation, it has started another round of informing affected customers.
There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.
While matters are still unclear how much information was involved, it’s likely you’ve had other personal information exposed online in previous data breaches. You can check what personal information of yours has been exposed with our Digital Footprint portal. Just enter your email address (it’s best to submit the one you most frequently use) to our free Digital Footprint scan and we’ll give you a report.
We don't just report on threats - we help safeguard your entire digital identity
Cybersecurity risks should never spread beyond a headline. Protect your—and your family's—personal information by using identity protection.