SunTrust Bank Says Employee May Have Stolen 1.5 Million Customers’ Info And Given It To Criminals

SunTrust Bank Says Employee May Have Stolen 1.5 Million Customers’ Info And Given It To Criminals

On Friday, SunTrust bank announced it was offering identity protection services at no charge to all of its clients in the form of Experian IDnotify. Perfect timing, as the company also announced – in the very same press release – a possible data breach affecting approximately 1.5 million customers.

According to the press release, the potential data breach was caused by a former employee who accessed company contact lists containing information like customers’ names, addresses, and account balances. The bank told The Wall Street Journal that the employee may have attempted to print the information and given it to a “criminal third party.”

Luckily, SunTrust claims affected customers didn’t have their entire life story stolen. “The contact lists did not include personally identifying information, such as social security number, account number, PIN, User ID, password, or driver’s licence information,” said the company in a statement. In addition, the bank says clients will not be held responsible for any fraudulent activity or losses on their accounts due to the data breach. Customers affected by the possible data breach will be notified by SunTrust.

Experian IDnotify includes a selection of security features designed to detect and prevent fraudulent activity. Every customer who signs up for the service will receive an annual Experian credit report, identity theft insurance, and even “dark web monitoring” – which is perfect for people who erroneously believe they can get their data back in the bottle once it’s on the web.

The company told the Journal that it had been investigating the potential “inappropriate access” incident since late February, and made the decision to publicly disclose it after learning of the possible print job last week.

We’ve reached out to Suntrust for more information on the potential breach and the nature of the possible “criminal third parties” and will update this story when we receive a reply.

[Wall Street Journal]