WRAL.com is reporting that a suit has been filed over the data breach. Here's to hoping, but not expecting, for heads to roll.
https://www.wral.com/story/charlotte-based-truist-bank-sued-after-data-breach/21494665/
This is an interesting read. It appears that the notification period for a data breach is 36 hours for notice to the regulators. Not 8 months. You can find the actual rule on the FDIC website, but it is lengthy and dry as dust. This is a summary of the rule:
https://bankingjournal.aba.com/2022/02/what-banks-need-to-know-about-new-data-breach-notification-requirements/
Don’t think the bank did a good job in hiding because it’s hard to believe they knew what to hide in the first place. The place is a mess. I left a while ago and don’t regret it. Sadly I got one of those better than never impacted letters and am exploring legal options.
But for the folks still around, maybe you won’t have to wait until the lawsuit plays out to get details on how the breach happened. If you do, that should be confirmation on what management really thinks about you. Each of you are people who deserve respect even in the lowest form. If the lawsuit doesn’t cause the board and exec management to get it together, think about your self-worth. Rise above what the bank has caused you to become. Change is hard but you’re better than they are.
As politicians are fond of saying, "it's not the crime, it's the cover up." It would be quite interesting to hear the bank explain why they elected not to disclose a data breach for 8 months, and then only after they were publicly outed. It would be even more interesting to hear who made that decision. Electing not to disclose the data breach sure seems like a decision that would have to have approval from the top.
So for eight months now, that stolen data could be used, with the employees and the customers having no idea what is happening. No one knew that they needed to take protective measures. No one knew to keep a closer eye on their accounts. Isn't it likely that the impact to the individuals who had their data compromised could have been diminished had they been told in a timely manner? That's going to be hard to explain to a jury.
Sounds like someone (or MANY someones) need to go stand with their nose in the purpose corner.
I spent some time during lunch to try and find if this data breach was reported on any news sites when it occurred, back in 2023. I was not able to find anything. Truist did a good job hiding it.
Looks like the plaintiff in this case is “Marshall Boyd”. Case is Marshall Boyd vs Truist Bank. It’s a class-action lawsuit among impacted customers.
Average settlement amount for class action data breach lawsuits is in the 10s to 100s millions ($$$). This is going to cost Truist big money.
Here’s a more thorough article - https://www.wcnc.com/article/news/local/truist-bank-sued-data-breach/275-dbf93621-de22-42ab-befe-f809a30e5468
If a group of customers is suing, then so should impacted employees. Someone needs to take the initiative to file a lawsuit in federal court. Best to speak to an attorney who will work on a contingency basis.
Companies like Truist will bully employees and try to get away with incidents like this. It’s up to impacted employees to put their foot down and stick it to them through a lawsuit.
Is this why I constantly get locked out of my Truist account?!?
Most likely a premature cloud deployment.
Adding on to what @2hod+1t9JZfi7 said.
Yes there is potential liability for directors, as well as executive management, however it is inconceivable that the bank doesn't have a Directors and Officers policy that would cover any potential liability. Well, it would be inconceivable if it wasn't THIS place. Maybe it was through Truist insurance and is now gone. :)
@1jei+1t9JZfi7
“Do Board members have any potential individual liability (due to their oversight duties) on something like this?”
From a legal friend, yes, the board as well as others like directors, officers, etc can be held liable and/or sued for things like neglecting their duties or something happened because of neglected failure to take action; or, failed in their obligations resulting in a failed breach or mistrust of obligations while operating a company. That’s just several.
The lawsuit filed is definitely merited since the information allegedly compromised in the breach has long-term impact and requires ongoing monitoring unless ya get a new identity.
I think the CISO and CIO departures totally make sense now. Billy needed someone to take the fall. I’m sure the Board will reward this latest incompetence by giving him a 46% raise.
I saw the BleepingComputer article on this breach the day it dropped (6/13), but when I told my team about it they had no idea. Only speculated that it's why there was a bunch of notifications that had gone out telling people not to answer a seeming uptick of phishing calls/texts being sent to employees. I had figured Truist might send out a notification to employees about it now that it hit the news but I guess they still think they can sweep it under the rug because it had not yet left the niche tech news sites? Who knows.
Now that I think about it, maybe this is why the CISO left in January, and then the CIO a few months after that. Asked to resign for their failure to protect data.
Some of the articles describe MUCH more being compromised than the basics set out below, including account numbers, social security numbers, etc. They haven't notified us because they simply don't care. They said nothing... to anyone... until the hacker offered 65K employees' information online for a million dollars. Then tried to gaslight everyone by posting an "updated" notice. You can't update what you never said a--holes.
*Not taken accountability or offered assistance
The news articles say 65000 employee and customer details are compromised...
Does that mean my address, phone number, name, dob, and emergency contacts are available on the internet now?
How could Truist not notify us when the incident happened? This company has put me at risk and has taken any accountability or offered assistance.
If this gets to a discovery phase, it could be interesting. Given the operational struggles at Truist, you would think being sued and potentially going to court for downplaying a data breach is the last type of publicity Bill and Co. need at this point.
Do Board members have any potential individual liability (due to their oversight duties) on something like this?
A huge fine might push Vanguard and Black Rock to start paying attention to the sh_t show going on here. At last check they were the two biggest shareholders by far.
So true when they say that after a certain point you only fail upwards..all the incompetent leaders like Ken Meyer, “spike” Lee, Nut Case, etc bolted to new lucrative roles!
@1cpb+1t9JZfi7 which executive leadership? All the so called leaders jumped ship already! Billy boy don’t care shyt!
They've known about this breach for 8 months and elected to hide it. I hope that brings punitive damages and I hope that regulatory agencies come down on executive "leadership" with an iron fist.
Someone needs to contact the lawyers and tell them that truist is handing the company over to foreign contractors giving them direct access to customer data. Firing Americans and replacing them with foreign contractors working in countries with hundreds of millions of followers of islam many of whom are guaranteed to be radicalized. That easily millions of people who hate America. These are high paying American jobs that truist execs are destroying.
People gotta pay for this. Hang the CSuite
How do we know if our employee data was a part of the breach? I always throw away all of my Truist mail...
Out of curiosity how many Truist employees knew of it before the news came out a week or two ago?