Truist investigates data breach, notifies employees and some customers

The bank is offering identity protection services


Truist Financial Corp. said it is responding to a cybersecurity incident, notifying employees and some of its customers.

The Charlotte-based bank, formed in 2019 in a merger of BB&T and Atlanta-based SunTrust, employs thousands of Georgians and is the largest bank in Georgia.

The data breach dates back to October 2023, with Truist saying that it “experienced a cybersecurity incident” that month and that it was “quickly contained.”

The company said it notified “a small number” of customers last fall and took additional measures to secure its systems.

On Friday, Truist said: “Based on new information from the ongoing investigation of the October 2023 incident, we have notified additional clients.” The company said it was also notifying employees. reported Thursday evening that a threat actor known as Sp1d3r is selling for $1 million what they claim is stolen Truist data containing information belonging to 65,000 employees, bank transactions with name and account number and other information. BleepingComputer also noted it could not independently verify those claims.

As of June 30, 2023, Truist had nearly $65 billion in customer deposits in Georgia and 214 branches, according to the most recent data from the Federal Deposit Insurance Corporation.

Truist said on Friday: “We have found no indication of fraud arising from this incident at this time, but out of an abundance of caution and to provide care, we’re making identity protection services available at no cost.”

“We sincerely apologize for any concern or inconvenience these notices may have caused,” Truist said.