Truist Bank confirms data breach after stolen data appears online

Sp1d3r is back with another bank attack

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

The Sp1d3r cybercrime gang is making quite a name for itself as it is now selling sensitive data on thousands of Truist banking employees.

Truist is a major US commercial bank formed in late 2019 after SunTrust Banks and BB&T merged, and now has $535 billion AUM (assets under management). It offers different banking services, from consumer and small business banking, commercial banking, corporate and investment banking, to insurance, wealth management, and payments.

Sp1d3r says they stole information on 65,000 employees, including bank transactions with names, account numbers, balances, and IVR funds transfer source code. The going price is $1 million.

No connection to Snowflake

The breach apparently happened in October 2023, but Truist only confirmed it now, once data went on sale.

“In October 2023, we experienced a cybersecurity incident that was quickly contained,” a Truist Bank spokesperson toldBleepingComputer. “In partnership with outside security consultants, we conducted a thorough investigation, took additional measures to secure our systems, and notified a small number of clients last Fall.

For those unfamiliar with the name Sp1d3r, it is a threat actor that was recently selling sensitive data on 358,000 employees of top American carmaker Advance Auto Parts, as well as 380 million customer profiles, and plenty of other information. The going price was $1.5 million.

Sp1d3r was also seen selling 34 million emails and other personally identifiable information (PII) belonging to customers, employees, and partners, of cybersecurity giant Cylance, for $750,000.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Since Sp1d3r’s breach of Advance Auto Parts happened through data storage provider Snowflake, the media speculated the same might be the case here. However, the Truist spokesperson confirmed this had nothing to do with Snowflake.

“To be clear, we have found no evidence of a Snowflake incident at our company.”

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

VIPRE Security Group says its new endpoint protection tools can stamp out even the latest cybersecurity threats