
Truist Bank says breach of customer data is unrelated to Snowflake


Truist Bank confirmed it suffered a breach of its network and exposure of some customer data after a security researcher reported spotting dark web advertisements for the pilfered account details.

In a post on X (formerly Twitter), James Hub from security research company DarkTower reported that hackers were advertising account details of some 64,000 Truist Bank customers and employees.

The attacker claimed to be in possession of employee data, bank transaction data — including customer names and full account and balance details — and source code from the company’s IVR transfer system.

In a statement provided to SC Media, Truist Bank admitted to losing some customer data but declined to link the incident to the recent drama surrounding cloud IT provider Snowflake. The bank said the fraud dates back to a 2023 intrusion.

“That incident is not linked to Snowflake,” a company spokesperson said.

“To be clear, we have found no evidence of a Snowflake incident at our company.”

The company wanted to establish that its data breach was completely independent of the network breach at Snowflake earlier this year. According to Snowflake, that breach involved only an attacker gaining access to what was described as a former employee's credentials, which gave access to a production environment.

Since then, criminal hackers have been offering account details for a number of clients, one of which is Truist Bank. According to available information, these accounts were breached because the attackers were able to compromise user accounts for the clients and not as the result of the reported breach of Snowflake’s network and the exposure of its database.

Snowflake told reporters that the hacked accounts all failed to have two-factor authentication enabled.

In short, a number of Snowflake user accounts were stolen because users failed to enable strong authentication options. Administrators are advised to request two-factor authentication from their cloud providers wherever it is available.

Meanwhile, customers of Truist Bank are being advised to keep an eye on their account activity, though there appears to be no imminent threat of cybercrime.

“We have found no indication of fraud arising from this incident at this time, but out of an abundance of caution and to provide care,” the bank said.

“We are making identity protection services available at no cost.”
