BleepingComputer reports that major U.S. commercial bank Truist Bank disclosed having its systems compromised in October following data theft claims by the threat actor "Sp1d3r" purporting data theft from 65,000 employees.
Aside from containing data from 65,000 Truist employees, other data allegedly part of the stolen trove — which is being peddled for $1 million — also includes bank transactions with names, account numbers, and balances, as well as the IVR funds transfer source code.
Despite the breach, which was immediately contained, no evidence indicated any misuse of the exfiltrated information, according to Truist Bank, which also dismissed the association of its systems breach to the ongoing attacks aimed at the customers of cloud storage firm Snowflake. Such a development comes after Sp1d3r commenced the sale of data stolen from major U.S. automotive aftermarket parts vendor Advance Auto Parts following the compromise of its Snowflake account.
Cybersecurity firm Cylance also had its old data exfiltrated from a third-party platform recently peddled by the threat actor.