Skip to main content

Bank Employee Steals Info On Over A Million Customers

By May 4, 2018June 8th, 2022Cybersecurity

Atlanta-based SunTrust Bank is the 12th largest bank in the US. They have a major problem, and so do roughly a million and a half of its customers.  According to CEO William Rogers, an unidentified employee of the firm printed a vast amount of private customer information, including their names, addresses, phone numbers and account balance information.

Rogers stressed that social security numbers, account numbers, driver’s license numbers, user IDs, and passwords were not exposed.  In a recent press release, he had the following to say:

“In conjunction with law enforcement, we discovered that a former employee while employed at SunTrust may have attempted to print information on approximately 1.5 million clients and share this information with a criminal third party.

We and third parties have done forensic analysis on these accounts and we have not identified significant fraudulent activity regarding the effect of the accounts.”

Even so, this is a blow to the company’s image, and the lost trust won’t be easily regained.  It also underscores how vulnerable companies are to internal threats.

In response to the attack, SunTrust is offering ongoing IDnotify identity protection (offered through Experian) to all its current and new clients at no cost.

The company’s handling of the issue so far has been about as good as can be expected.  The unfortunate reality is that there aren’t many good ways of stopping a rogue employee from making off with sensitive customer data or proprietary company information.  Better auditing protocols and controls can help, but only to a certain extent.  While those kinds of policies make it easier to detect when an internal theft has occurred, they do nothing to actually prevent them.

This puts management in a tricky spot.  Employees have to be trusted with sensitive data in order to do their work, which also increases risk.  There aren’t many good solutions here beyond better vetting of employees, but of course, that is by no means a magic bullet either.

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.