Ex-Employee Tried to Steal SunTrust Data

The bank discloses the "potential theft" of customer information from contact lists but says it has not detected "significant fraudulent activity."
Matthew HellerApril 20, 2018

SunTrust said Friday a former employee may have shared account data with a criminal third party, potentially compromising information on about 1.5 million clients.

The 12th-largest U.S. commercial bank by assets disclosed that it had become aware of a “potential theft” from some of its contact lists.

“Although the investigation is ongoing, SunTrust is proactively notifying approximately 1.5 million clients that certain information, such as name, address, phone number and certain account balances may have been exposed,” it stated in a news release.

Drive Business Strategy and Growth

Drive Business Strategy and Growth

Learn how NetSuite Financial Management allows you to quickly and easily model what-if scenarios and generate reports.

The contact lists did not include personally identifying information, such as social security number, account number, PIN, User ID, password, or driver’s license information, according to SunTrust.

“We apologize to clients who may have been affected by this,” SunTrust CEO Bill Rogers said. “We have heightened our monitoring of accounts and increased other security measures. While we have not identified significant fraudulent activity, we will reinforce our promise to clients that they will not be held responsible for any loss on their accounts as a result.”

According to Rogers, the former employee tried to download the customer information six to eight weeks ago. “We began our own internal investigation and through that process, approximately six to eight weeks ago, we discovered that the former employee attempted to download client information,” he said.

A SunTrust spokeswoman refused to disclose the location of the branch where the employee attempted to steal data or the identity of the criminal third-party.

The Atlanta-based bank said it will offer identity protection services to all of its clients free of charge, not just those potentially impacted.

“While management appears to be proactively addressing the data issue, we expect a degree of uncertainty to persist as the duration, breadth, and financial impact of any related investigations (both internal and external) are not yet known,” Evercore analysts wrote in a client note.

SunTrust manages $205 billion in assets and has 1,236 branches. For the first quarter, it reported a 36% rise in profit driven by higher net interest income and lower expenses.