By An ex-employee of Atlanta-based SunTrust Banks revealed about stolen data on 1.5 million customers. The employee seems to steal customers’ data from specific contact lists of the company. SunTrust is presently notifying the influenced clients about the details and they are working with external professionals and coordinating on investigations with the law enforcement agency.
The company described the details as the stolen data contain the names, addresses, and phone numbers along with the certain account balances of the clients, as this was the information contained in the contact lists. The information also contained with the personally recognizing data likely social security numbers, account numbers, User IDs, passwords, PINs, or driver’s license data was not available in the said lists.
“We apologize to clients who may have been affected by this. We have heightened our monitoring of accounts and increased other security measures. While we have not identified significant fraudulent activity, we will reinforce our promise to clients that they will not be held responsible for any loss on their accounts as a result,” Bill Rogers, SunTrust chairman and CEO, said.
Rogers also emphasized that the organization is dedicated on defending its clients and that it is controlled to support all SunTrust customers to struggle the accumulative anxiety about identity stolen and scam. The company announced that SunTrust is now delivering Identity Protection for all present and newly joined clients. Brian Contos, CISO at Verodin, figured out the prominence of making sure that security solutions are not just planned to notice and report doubtful action, but are also enhanced to defend against the robbery of customers’ sensitive data.
“Organizations need to be able to validate the efficacy of their security controls across their production environments and instrument them in order to get value. Anything else is simply guesswork and assumptions, and as long as that’s the norm, data theft will continue to be commonplace,” Contos said.
The head of the Behavioral Research Team, Verodin, James Lerud, had figured out to the media that the company devote a lot of time and effort into avoiding cyberpunks from sneaking into their systems, but frequently forget about in-house attacks.
“Companies should ask themselves if those controls can be applied internally as well. For example, do their SQL injection prevention measures work when the source is internal rather than external? Defending against adversaries with internal access is arguably more important because it restricts lateral movement while also protecting against insider threats,” Lerud said.
