June 13, 2024 at 07:19PM
Truist Bank, formed from the merger of SunTrust Banks and BB&T, suffered a cyberattack in October 2023, leading to a breach of its systems. The threat actor “Sp1d3r” is selling stolen data, including employee information and bank transactions. Truist has worked with security consultants and law enforcement and found no evidence of fraud arising from the incident.
Key takeaways from the meeting notes are:
1. Truist Bank, formed from the merger of SunTrust Banks and BB&T, experienced a cyberattack in October 2023, resulting in stolen data being sold by a threat actor known as Sp1d3r.
2. The stolen data contains information on 65,000 employees, as well as bank transactions with names, account numbers, balances, and IVR funds transfer source code.
3. Truist Bank spokesperson confirmed the cybersecurity incident, mentioning that it was quickly contained, and they conducted a thorough investigation.
4. The incident is not linked to the ongoing Snowflake attacks, and the bank has found no evidence of a Snowflake incident at their company.
5. Truist Bank regularly collaborates with law enforcement and outside cybersecurity experts to enhance system and data security.
6. Cylance, a cybersecurity company, also had data stolen by Sp1d3r, with the company confirming the legitimacy of the claims but stating that it’s old data from 2015-2018 stolen from a “third-party platform.”
7. Sp1d3r has previously put up for sale stolen data belonging to automotive aftermarket parts provider Advance Auto Parts after breaching their Snowflake account.
Overall, the meeting notes highlight the series of cyberattacks and data breaches orchestrated by the threat actor Sp1d3r, affecting multiple companies including Truist Bank, Cylance, and Advance Auto Parts. Truist Bank has taken measures to contain the incident, conduct investigations, and notify affected clients while collaborating with external experts for enhanced security.