Atlanta-based SunTrust announced on Friday that a former employee has accessed basic information on nearly 1.5 million of the bank’s customers, according to a recent report in the Atlanta Journal Constitution.
Atlanta has been troubled with several major data breaches in the past year, including the Equifax data breach announced in September 2017 where thieves accessed sensitive online information on over 143 million American consumers, and more recently, the March cyber ransomware attack on the City of Atlanta, where the perpetrators demanded payment in bitcoin via “the dark web” to avert system failure. The city declined, and has incurred $2.7 million in cost to repair & restore IT systems to date, with many still completely non-functioning.
Now, we’re not picking on our home city, but it sure seems Atlanta is getting CLOCKED with cybersecurity issues lately, and they have varied widely from external theft to ransomware to internal employee breaches. Let this be a lesson to other municipalities and fintech businesses that cybersecurity should be UPFRONT AND CENTRAL to its data operations for 2018.
“…The company became aware in late February that the person – an employee at the time – had access to confidential information including names, addresses, phone numbers and some account balances. However, the pool of data that had been accessed did not include what the company called “personally identifying information,” like account and Social Security numbers, user passwords and driver’s license material.
The company referred to the incident as “a potential theft,” and said that the employee in question may have tried to share the data with “a criminal third party.”
SunTrust said the employee subsequently left the company. SunTrust declined to name the employee, when he or she departed and would not say if the employee quit or was fired. SunTrust would not say if the employee was based in Atlanta.
The company said it is cooperating with authorities, but declined to offer specifics.
SunTrust’s announcement comes after several years of high-profile data breaches, in which outside hackers used the Internet to electronically reach into a company’s computer servers and pilfer data…”