SunTrust Investigates Malicious Insider Breach

SunTrust Investigates Malicious Insider Breach

US regional banking giant SunTrust is notifying 1.5 million customers that some of their personal data may have been stolen by a malicious insider.

The Atlanta-headquartered financial services firm issued a formal statement on Friday, claiming that it is offering ongoing identity protection from Experian free of charge for all current and new customers, following the discovery.

“The company became aware of potential theft by a former employee of information from some of its contact lists. Although the investigation is ongoing, SunTrust is proactively notifying approximately 1.5 million clients that certain information, such as name, address, phone number and certain account balances may have been exposed,” it explained.

“The contact lists did not include personally identifying information, such as social security number, account number, PIN, User ID, password, or driver's license information. SunTrust is also working with outside experts and coordinating with law enforcement.”

Chairman and CEO, Bill Rogers, apologized for the incident and claimed the company had “heightened” monitoring of users’ accounts and increased other unnamed security measures.

“While we have not identified significant fraudulent activity, we will reinforce our promise to clients that they will not be held responsible for any loss on their accounts as a result,” he said in a statement.

"Our priority is protecting our clients and maintaining their trust. Beyond this incident, we want to help all SunTrust clients combat the increasing concern about identity theft and fraud, wherever it may occur."

The Experian IDnotify package being offered to customers includes credit monitoring, dark web monitoring, identity “restoration assistance” and $1m identity theft insurance.

Insiders were blamed for over a quarter (28%) of breaches analyzed in the most recent Verizon Data Breach Investigations Report, although there was no breakdown of how many were malicious and what proportion was down to negligence.

However, over-three-quarters (76%) of breaches were said to be financially motivated.

Source: Information Security Magazine