Sun Trust Bank today confirmed it was hit with an insider attack when a former employee, working with a third party, stole company contact lists possibly exposing the personal information of up to 1.5 million customers.
The news was released during an earnings call.
The company said in a press statement that the information on the contact lists included, the client's name, address, phone number and in some cases account balances. The contact lists did not include Social Security numbers, account numbers, PINs, User ID, passwords, or driver's licence information.
“Inside threats are a very real and very significant problem, especially if you're dealing with an employee who may be disgruntled or who is otherwise motivated to cause the business as much harm as possible. It's an even harder problem to deal with if the employee was given legitimate, authorised access to critical data at any point as part of their normal job duties,” Nathan Wenzler, chief security strategist at AsTech, told SC Media.
SunTrust is working with outside experts and coordinating with law enforcement and is making credit monitoring available to those affected.
“While we have not identified significant fraudulent activity, we will reinforce our promise to clients that they will not be held responsible for any loss on their accounts as a result." Bill Rogers, SunTrust chairman and CEO, said in a statement.