Truist Bank Data Breach And Kulicke & Soffa Cyberattacks
The Truist Bank breach sells for $1M, compromising data of 65K employees, bank transactions, and IVR funds transfer source code.
Ashish Khaitan
Last updated on June 18th, 2024
Share on LinkedInShare on Twitter
A threat actor on a dark web forum has listed data from Truist Bank for sale following a cyberattack on the banking institution. Meanwhile, Kulicke and Soffa Industries, Inc. (K&S) is also dealing with a data breach.
Reports indicate that Truist Bank client data, including sensitive information such as employee details and bank transactions, has been put up for sale on the dark web. The alleged Truist Bank data leak is attributed to a threat actor known as Sp1d3r.
Truist has confirmed a cybersecurity incident from October 2023, and stated that the “incident is not linked to Snowflake. To be clear, we have found no evidence of a Snowflake incident at our company”.
Truist Bank Data Breach Allegedly Goes on Sale on Dark Web
According to the threat actor’s post, the Truist Bank data breach is now selling for $1 million. The compromised data includes details of 65,000 employees, bank transactions containing names, account numbers, balances, and the source code for IVR funds transfers.
Source: Dark Web
The post by the threat actor provides specific information about the data for sale and contact details for purchase. Additionally, the post includes various usernames, threads, reputation points, and contact information such as XMPP handles and email addresses associated with the threat actor.
In a conversation with TCE, Truist confirmed the cyberattack from and stated that “In October 2023, we experienced a cybersecurity incident that was quickly contained. In partnership with outside security consultants, we conducted a thorough investigation, took additional measures to secure our systems, and notified a small number of clients last Fall. That incident is not linked to Snowflake. To be clear, we have found no evidence of a Snowflake incident at our company.”
Meanwhile, Kulicke and Soffa Industries, a renowned semiconductor and electronics manufacturing company, disclosed a breach compromising millions of files. Initially detected on May 12, 2024, the breach exposed critical data, including source codes, engineering information, and personally identifiable information.
Two Cybersecurity Incidents at Once
In response to the Kulicke and Soffa data breach, K&S swiftly initiated containment measures in collaboration with cybersecurity experts and law enforcement agencies. The company’s cybersecurity team worked diligently to isolate affected servers and prevent further intrusion. Despite the breach, K&S remains committed to safeguarding its systems and data integrity.
In a filing with the U.S. Securities and Exchange Commission (SEC), K&S detailed its efforts to mitigate the impact of the breach. The company assured stakeholders that, as of the filing date, the incident had not materially disrupted its operations. However, investigations are ongoing to ascertain the full extent of the breach and increase the cybersecurity measures in place.
As for the Truist Bank story, a spokesperson for Truist confirmed that they are working with “law enforcement and outside cybersecurity experts to help protect our systems and data. Based on new information from the ongoing investigation of the October 2023 incident, we have notified additional clients. We have found no indication of fraud arising from this incident at this time”.
The Truist Bank data breach and the Kulicke and Soffa cyber incident highlight the persistent threat of cyberattacks faced by organizations worldwide. While both entities are actively addressing the breaches, the incidents highlight a broader case of cybersecurity measures and their impact in safeguarding sensitive information and maintaining trust in the digital age.
