Arizona-based Western Alliance Bank has confirmed having data from 21,899 individuals compromised following an October attack aimed at a third-party secure file transfer program, according to The Record, a news site by cybersecurity firm Recorded Future.
Infiltration of Western Alliance's systems between Oct. 12 and 24 resulted in the theft of individuals' names and Social Security numbers, as well as birthdates, driver's license numbers, tax identification numbers, passports, and financial account numbers in certain cases, said the bank in notifications submitted to California and Maine regulators.
Despite not providing additional details regarding the targeted software, Western Alliance was long claimed by the Clop ransomware operation to have been breached through the exploitation of a Cleo file sharing tool vulnerability.
Separate investigations into the aftermath of the sweeping Clop hack are also being conducted by Hewlett Packard Enterprise and Thomson Reuters, whose Legal Tracker subsidiary was purportedly impacted by the incident.
"We have removed Cleo's application from our environment. We have been in direct contact with the limited number of affected customers," said the Thomson Reuters spokesperson.
