SunTrust Bank may be the latest victim of a data breach, but the alleged intrusion didn’t come from outside the company.
SunTrust announced Friday that a former employee may have stolen the personal information of approximately 1.5 million of the bank’s customers.
But unlike in other breaches, like Equifax, for example, it appears that the data breach does not contain extremely sensitive personal information like Social Security numbers, driver’s license numbers, or account information.
The company said that its investigation into the data breach is still ongoing, but it believes that the breach is limited to customer contacts lists. Specifically, the bank believes the name, address, phone number and certain account balances of 1.5 million customers may have been exposed in the breach.
According to the bank, the contact lists did not include personally identifying information, such as Social Security number, account number, PIN, User ID, password, or driver's license information.
SunTrust said that it is personally identifying the 1.5 million customers that may be affected by the breach. Additionally, the bank said it is working with outside experts and coordinating with law enforcement on the potential breach.
“Ensuring personal information security is fundamental to our purpose as a company of advancing financial well-being,” said Bill Rogers, SunTrust chairman and CEO.
“We apologize to clients who may have been affected by this. We have heightened our monitoring of accounts and increased other security measures,” Rogers continued. “While we have not identified significant fraudulent activity, we will reinforce our promise to clients that they will not be held responsible for any loss on their accounts as a result.”
As part of its promise to help protect its customers’ personal information, SunTrust is offering identity theft protection to all current and new clients at no cost on an ongoing basis.
The company is offering Experian’s IDnotify program to customers, in addition to the bank’s existing security protocols: ongoing monitoring of accounts, FICO score program, alerts, tools and zero liability fraud protection.
According to the bank, the IDnotify protection includes:
- Experian 1B Credit Monitoring
- Annual Experian Credit Report
- Identify Theft Insurance with up to $1 million reimbursement for covered expenses
- Identity Restoration Assistance
- Dedicated Call Center Support
- Dark Web Monitoring
“SunTrust cares deeply about the privacy and security of client information,” the bank said in a statement.
“Our priority is protecting our clients and maintaining their trust,” Rogers added. “Beyond this incident, we want to help all SunTrust clients combat the increasing concern about identity theft and fraud, wherever it may occur.”