SunTrust Sees Risk of Breach -- WSJ
April 21 2018 - 3:02AM
Dow Jones News
Names, addresses, phone numbers and account balances are
believed to be included
By Austen Hufford and Christina Rexrode
This article is being republished as part of our daily
reproduction of WSJ.com articles that also appeared in the U.S.
print edition of The Wall Street Journal (April 21, 2018).
SunTrust Banks Inc. said an employee may have stolen the
information of about 1.5 million customers and provided it to a
"criminal third party," the latest example of a potential breach
that underscores the vulnerability of consumers' private data.
The Atlanta-based bank on Friday said the employee, who no
longer works at SunTrust, attempted to access client information,
although it has "not identified significant fraudulent activity"
around the accounts involved.
Companies including banks are increasingly contending with data
risks from both outside actors and misconduct by company employees.
Consumers are already on edge about the security of their data
after a massive breach at credit-reporting firm Equifax Inc., where
a cyberattack last year exposed the data of 147.9 million U.S.
consumers.
SunTrust, which is one of the larger U.S. regional banks by
assets, said it became aware in late February that an employee
attempted to inappropriately download client information and it
began an internal investigation. About a week ago, the bank learned
that the employee may have attempted to print the information and
share it outside the bank. Chief Executive Bill Rogers said that
triggered his decision to disclose the possible breach.
Banks and other companies have disclosed numerous types of data
breaches in recent years, though they are often the work of
sophisticated, outside hackers. For example, a cybersecurity attack
on JPMorgan Chase & Co. in 2014 exposed the information of more
than 70 million households, one of the broadest disclosed attacks
of its kind against a major financial institution.
But security threats can also come from inside. For example, New
York Attorney General Eric Schneiderman has urged banks to rein in
their tellers' access to customer data.
SunTrust said it is working with law enforcement. A bank
spokeswoman declined to name the former employee or comment on the
timing of the departure. She also declined to say where the
employee worked within the bank or whether the person had been
arrested.
SunTrust said it believes that the exposed information includes
names, addresses, phone numbers and account balances. Clients'
Social Security numbers, account numbers, passwords and driver's
license information weren't affected, it added.
"Ensuring personal information security is fundamental to our
purpose as a company of advancing financial well-being," Mr. Rogers
said in a statement. "We apologize to clients who may have been
affected by this."
SunTrust said that it is notifying customers whose data may have
been affected and that it will provide free identity-protection
services to all consumer-banking clients.
The company said it would continue monitoring affected accounts
for fraudulent activity. Despite the recent issue, Mr. Rogers said
the bank's fraud losses in the first quarter were "lower than
they've been relative to the recent past."
The CEO described the bank's costs related to the incident as
"modest," though the incident could put a cloud of uncertainty
around the bank.
SunTrust shares declined 19 cents, or 0.3%, to $66.84 on
Friday.
Write to Austen Hufford at austen.hufford@wsj.com and Christina
Rexrode at christina.rexrode@wsj.com
(END) Dow Jones Newswires
April 21, 2018 02:47 ET (06:47 GMT)
Copyright (c) 2018 Dow Jones & Company, Inc.
Equifax (NYSE:EFX)
Historical Stock Chart
From Mar 2024 to Apr 2024
Equifax (NYSE:EFX)
Historical Stock Chart
From Apr 2023 to Apr 2024