Truist breach affects as many 65,000 customers and employees. Hacking group is selling data, according to reports (2024)

As many as a combined 65,000 Truist Financial Corp. employees and customers appeared to have been affected by a data breach in October by a hacking group known as Sp1d3r.

Several media outlets, including American Banker and Atlanta Journal-Constitution, reported Friday that the hacking group is selling data affecting employees and certain customers for $1 million.

DarkTower intelligence analyst James Hub has been credited for spotting the data breach on the dark web on a hacking forum.

As of April, Truist’s workforce count was about 49,000, which includes about 10,000 Truist Insurance Holdings employees who were scheduled to transition in May to the former subsidiary’s new privately held ownership.

The information is supposed to contain bank transactions with names, account numbers and balances and source code for Truist’s Interactive Voice Response automated phone system for transferring funds.

Sp1d3r also has been connected with putting up for sale data belonging to Advance Auto Parts.

Truist said in a statement Friday that it has “experienced a cybersecurity incident that was quickly contained.”

“In partnership with outside security consultants, we conducted a thorough investigation, took additional measures to secure our systems, and notified a small number of clients last fall.”

However, Truist said that “based on new information from the ongoing investigation of the October 2023 incident, we have notified additional clients. We’re also providing awareness to teammates.”

“We have found no indication of fraud arising from this incident at this time, but out of an abundance of caution and to provide care, we’re making identify protection services available at no cost.

“We sincerely apologize for any concern or inconvenience these notices may have caused.”

What consumers can doLisa Plaggemier, executive director of the National Cybersecurity Alliance, said consumers can take steps to reduce their exposure to data breaches.

“While there’s no need for consumers to regularly update their passwords, it’s crucial to do so when they’ve been involved in a breach like this one,” Plaggemier said.

“They should also change their password on any other account where they’ve used the same or similar password to the one on their AT&T account, a practice that should be followed during any data breach.

“Enabling multi-factor authentication whenever possible adds an extra layer of security as well.”

Plaggemier said regularly monitoring financial statements and credit reports for any suspicious activity “can also help individuals detect and respond to potential breaches promptly.”

“Furthermore, freezing their credit with the credit bureaus is a proactive measure to prevent unauthorized access to their credit information and can provide added security in the event of a data breach,” she said.

Other local data breaches

Truist is the latest in a series of Triad companies to have experienced a data breach over the past 19 months.

Truliant Federal Credit Union informed members in May that some of their financial and personal data has been involved in a data breach of a former third-party vendor.

Truliant said in a letter dated May 14 that Doxim told the credit union of an April 22 cybersecurity attack that affected members. The letter was sent by Todd Hall, the credit union’s president and chief executive.

Doxim is a print and digital document and statement provider with six U.S. offices including in Columbia, S.C. There is no mention of a data breach on its website.

The cybersecurity attack “resulted in unauthorized access to data ... including Truliant files from 2012.”

“These compromised files contained a combination of some or all of the following categories of information for each affected member: name; account number; and Social Security number.

Truliant said that Doxim “immediately began working with federal law enforcement and cybersecurity experts, and have stated that the compromised files have been destroyed.”

“They have found no evidence that Truliant data has been published or misused.”

Truliant said it ended the contract with Doxim “due to the production issues experienced earlier this year.”

AT&T, HanesBrands impact

Nearly 1.7 million North Carolina customers have been affected by the massive AT&T data breach — one of the largest in U.S. history.

AT&T informed the N.C. Attorney General’s Office of the number of affected customers in the state. The AG’s office disclosed the total April 18.

AT&T began notifying customers in late March that some of their personal information has been hacked with the breach occurring on the dark web in mid-March.

AT&T previously told customers that while the information varied by customer and account, what could have been stolen includes full name, email address, mailing address, phone number, Social Security number, date of birth, AT&T account number and passcode.

PCmag.com has reported that a hacking group called ShinyHunters started selling the stolen AT&T data back in 2021. At the time, AT&T denied that the information had come from its systems.

HanesBrands Inc. disclosed in a May 31, 2022, regulatory filing that it began experiencing a ransomware attack on May 24, 2022.

HanesBrands said the ransomware attack affected its global supply-chain network and ability to fulfill customer orders for about three weeks.

In April, HanesBrands said it would give some current and former employees the option of credit and identity monitoring, up to a $50 Hanes store credit and $6.99 in shipping costs, or a cash payment of $35 in a proposed settlement of a federal lawsuit tied to a May 2022 ransomware attack.

Recent data breaches also have affected the Center for Creative Leadership in Greensboro, the parent company of Golden Corral, Bank of America Corp., VF Corp., Atrium Health, Novant Health Inc. and Pepsi Bottling Ventures LLC.