BIGFISH TECHNOLOGY LIMITED
14 June 2024

Truist Bank confirms breach as stolen info appears on hacking forum.

Truist, a leading US commercial bank, confirmed that its systems were compromised in an October 2023 cyberattack after a threat actor posted part of the company's data for sale on a hacking site.

Truist Bank, headquartered in Charlotte, North Carolina, was founded in December 2019 from the merger of SunTrust Banks and BB&T (Branch Banking and Trust Company).

Truist is now a top-10 commercial bank with $535 billion in assets. It provides a wide range of services, including consumer and small business banking, commercial banking, corporate and investment banking, insurance, wealth management, and payments.

According to DarkTower intelligence analyst James Hub, a threat actor (known as Sp1d3r) is selling what they claim is stolen data containing information from 65,000 employees for $1 million.

While BleepingComputer was unable to independently verify these claims, the data reportedly includes bank transactions with names, account numbers, and amounts, and even IVR money transfer source code.

"In October 2023, we experienced a cybersecurity incident that was quickly contained," a Truist Bank official informed BleepingComputer, responding to the threat actor's claims.

"In collaboration with outside security professionals, we conducted a thorough investigation, took additional measures to secure our systems, and alerted a small number of clients last fall."

When asked whether this was related to the ongoing Snowflake attacks, the representative responded, "That incident is unrelated to Snowflake. To be clear, we discovered no evidence of a Snowflake occurrence at our organization."

"We regularly collaborate with law enforcement and outside cybersecurity experts to help protect our systems and data," the Truist Bank spokeswoman explained.

"Based on new facts from the continuing investigation into the October 2023 incident, we contacted additional clients. We have uncovered no evidence of fraud in connection with this incident at this time."

The same threat actor is also selling stolen data from cybersecurity business Cylance for $750,000, including databases supposedly containing 34,000,000 customer and employee emails, as well as personally identifiable information belonging to Cylance customers, partners, and employees.

Cylance acknowledged the validity of the claims, noting that it is old data (from 2015-2018) obtained from a "third-party platform."

Sp1d3r previously listed 3TB of data taken from Advance Auto Parts' Snowflake account for sale on the same hacking forum.

Source: Bleeping Computer