Cybercrime gang Sp1d3r is making a name for itself as it now sells sensitive data on thousands of Truist Bank employees.
Truist is a large American commercial bank formed in late 2019 after the merger of SunTrust Banks and BB&T, and now has $535 billion in assets under management. It offers various banking services, ranging from personal and small business banking, commercial banking, corporate and investment banking, insurance, wealth management and payments.
Sp1d3r claims to have stolen information on 65,000 employees, including bank transactions with names, account numbers, balances and the source code of IVR funds transfers. The list price is $1 million.
No connection with Snowflake
The breach apparently occurred in October 2023, but Truist only confirmed it now, after the data was made available for sale.
“In October 2023, we experienced a cybersecurity incident that was quickly contained,” a Truist Bank spokesperson said. BeepComputer. “In partnership with external security consultants, we conducted a thorough investigation, took additional steps to secure our systems, and notified a small number of customers last fall.
For those unfamiliar with the name Sp1d3r, it is a malicious actor that recently sold sensitive data on 358,000 employees of major American automaker Advance Auto Parts, along with 380 million customer profiles and more. other information. The list price was $1.5 million.
Sp1d3r was also seen selling 34 million emails and other personally identifiable information (PII) belonging to customers, employees and partners of cybersecurity giant Cylance, for $750,000.
Since Sp1d3r’s Advance Auto Parts breach occurred through data storage provider Snowflake, media outlets have speculated that the same could be the case here. However, Truist’s spokesperson confirmed that this had nothing to do with Snowflake.
“To be clear, we have found no evidence of a Snowflake incident at our company.”
