SunTrust Banks is the latest company to be affected by a data breach in a case that highlights the need for companies to strengthen their internal security systems.
The Atlanta based bank announced that a former employee may have stolen the personal information of up to 1.5 million customers with a view of sharing this data with a criminal third party.
The ex-employee is believed to have downloaded and printed information relating to customer names, addresses, phone numbers, and certain account balances.
The bank has informed customers that other sensitive data such as social security numbers, account numbers, PINs, passwords, User IDs, or driver’s license information has not been compromised by the potential breach.
The company detected the theft about two months ago, however it was only late last week that they discovered the stolen information may have been shared with a criminal third party. The bank is working closely with cyber security experts and law enforcement to determine if any fraudulent activity has taken place in relation to the theft of this customer data.
An investigation into the potential breach is still ongoing and the bank is in the process of personally identifying the 1.5 million customers that may be affected. It has also announced that it will provide free identity theft protection to all its current and new customers going forward.
In a statement the bank said: “SunTrust cares deeply about the privacy and security of client information. We apologise to clients who may have been affected by this. Beyond this incident, we want to help all SunTrust clients combat the increasing concern about identity theft and fraud, wherever it may occur.”
Consumers are increasingly on edge about the security of their data after a range of high profile cyber-attacks, including the massive breach at Equifax which resulted in over 100 million people having their private data leaked.
Most of these high-profile attacks are the work of sophisticated hackers, however the SunTrust breach highlights the need to strengthen internal security systems as security threats can also come from inside an organisation.
To prevent against these types of attacks, organisations must ensure they have strict controls in place, and are effectively managing who has access to their critical data assets at all times. A robust cyber security strategy will address the threats faced both internally and externally and add an extra layer of defence to security measures.
To find out how MetaCompliance can help strengthen your organisation’s cyber security defences, click here