Former SunTrust employee stole data on 1.5 million clients

US commercial bank SunTrust announced on Friday that it has fallen victim to an insider threat, and that the records of some 1.5 million of its customers had been extracted from its systems.

According to what the bank’s Chairman and CEO William Rogers has shared with investors so far, the insider was a former employee who had tried to download customer data and hand it over to a “criminal third party.”

Rogers said that the attempt to steal the data happened six to eight weeks ago.

About the stolen data

The data in question includes the name, address, phone number and account balances of approximately 1.5 million clients. “The contact lists did not include personally identifying information, such as social security number, account number, PIN, User ID, password, or driver’s license information. SunTrust is also working with outside experts and coordinating with law enforcement,” the company said.

But, as far as they’ve been able to discover, the stolen information never left the bank.

Clients get identity protection

Nevertheless, the bank has offered free identity protection services (on an ongoing basis) for all current and new consumer clients – not just those potentially affected by this incident.

“The IDnotify product by Experian is being offered in addition to existing SunTrust security protocols: ongoing monitoring of accounts, FICO score program, alerts, tools and zero liability fraud protection,” the company shared.

The IDnotify protection offered includes Experian 1B credit monitoring, an annual credit report, identity theft insurance with up to $1 million reimbursement for covered expenses, identity restoration assistance, dedicated call center support and dark web monitoring.

The bank heightened its monitoring of accounts and increased other security measures, as the former employee was not authorized to get that level of information.

But the good news is that they’ve not identified significant fraudulent activity and they promise that clients will not be held responsible for any loss on their accounts as a result of this situation.