Financial institution holding firm First Horizon Company disclosed the a few of its prospects had their on-line banking accounts breached by unknown attackers earlier this month.
First Horizon is a regional monetary providers firm with $84 billion in property that gives banking, capital market, and wealth administration providers.
First Horizon Financial institution, the corporate’s banking subsidiary, operates a community of a whole lot of financial institution places in 12 states throughout the Southeast.
Attackers accessed private data, stole funds
First Horizon found the assault in mid-April 2021 and stated that it solely impacted a restricted variety of prospects.
As found throughout the investigation, the unknown menace actors may breach the shoppers’ on-line financial institution accounts utilizing beforehand stolen credentials and by exploiting a vulnerability in third-party software program.
“Utilizing the credentials and exploiting a vulnerability in third-party safety software program, the unauthorized occasion gained unauthorized entry to underneath 200 on-line buyer financial institution accounts,” First Horizon added in an 8-Ok kind filed with the U.S. Securities and Trade Fee (SEC) on Wednesday.
The attackers had been additionally capable of achieve entry to buyer data saved within the breached accounts and drain funds from a few of them earlier than their intrusion was found.
The monetary providers agency revealed that they “fraudulently obtained an mixture of lower than $1 million from a few of these accounts.”
Prospects reimbursed after breach
The financial institution holding agency reimbursed all of the impacted prospects for his or her stolen funds after discovering the info breach.
First Horizon additionally notified related information regulators and regulation enforcement businesses and opened new banking accounts for affected prospects.
The corporate additionally remediated the software program vulnerability exploited by the attackers throughout the incident and reset the passwords for impacted accounts.
“Based mostly on its ongoing evaluation of the incident so far, the Firm doesn’t consider that this occasion may have a fabric opposed impact on its enterprise, outcomes of operations or monetary situation,” First Horizon concluded.
Whereas First Horizon didn’t present any data on the exploited third-party software program, large collections of stolen person credentials doubtlessly reused on a number of websites have been bought or leaked totally free by varied menace actors for years.
The newest examples are tens of hundreds of thousands of person information containing private information and credentials belonging to ParkMobile, BigBasket, and Nitro PDF prospects shared totally free on hacking boards.
First Horizon Financial institution division IBERIABANK Mortgage disclosed another data breach spanning virtually two years and exposing prospects’ private data a day after its father or mother firm merged with First Horizon Bank on July third, 2020.
A First Horizon spokesperson was not out there for remark when contacted by BleepingComputer earlier right this moment for extra particulars concerning the breach disclosed earlier this week.