htt ps://ww w.bleepingcomputer.com /news/security/truist-bank-confirms-data-breach-after-stolen-data-shows-up-on-hacking-forum/
But hey, I'm sure moving even more of our InfoSec, CyberSec, and IT teams offshore will make us even more secure... This company is just sc--wed.
Conspiracy theory: management made up this story, who are the parties suing? this is a reverse psychology coverup if i’ve ever seen one.
"Here's to hoping this catches fire and costs a lot of EL their jobs."
I wish what would happen. Instead the el will find a way to blame the grunts. Then they will bring in a third-party, with cyber/breach insurance, to do our jobs.
The best part is watching that rude Sean guy eat cr-p. He runs his mouth like a tough guy but can't secure 65k employee and customer accounts.
I realize that current employees are limited in what they can do regarding this clear attempt to hide a huge data breach by the id--ts that run this sh-t shack, but I'm really surprised that clients and former employees aren't filing complaints with every regulatory agency in the country. Here's to hoping this catches fire and costs a lot of EL their jobs.
While I won't claim to know for certain, I suspect that there is a reporting requirement to the various regulatory agencies. Particularly since some of those employees are also clients of the bank. Any bets on whether they complied?
I made the horrific mistake to transfer to the Account Security and Claims department October 2023. The week before I transferred, a BTM called with an FIS account that had a fraud lock on it. Someone removed it without authorization and the account was instantly swarmed on with Amazon Gift Card fraud. Nobody authorized the lock to be removed , not the bank teammate or the customer. ASC is the only department that has the credentials/permissions to remove those locks. Someone in the Truist fraud department removed the lock and set up the Amazon Gift Card fraud. 3 weeks after I started in the fraud department, one of the managers falsified my timecard to get me fired for occurrences. Do you know that Truist did not run a background check on me and the call center has the cameras removed from the agent/management area? They are in the kitchens and hallways, but not where we were working with customers data. The fraud department reeks of a criminal element. Let’s get them or at least get them in the news for the wrong reasons. They let these unvetted agents go to the doctor, lie about a medical condition and then get sent remote. And they don’t use Ethernet cables. That company is a den of thieves. Write me if you want to swap stories. I dont care if Truist sees this the truth is an absolute defense against slander and libel. bbookmancma@gmail.com
@1sra+1t10mkDc - Recourse for Truist employees impacted is filing a class action suit. Would need to be filed in federal court in western district of North Carolina; as Truist is HQed in charlotte. Someone just needs to take the initiative to consult an attorney to file the class action suit.
@1rca+1t10mkDc - Well said! Could not agree more.
Checking out what’s going over here after hearing the news. Doesn’t sound good at all. 1 person may have the bulk data for sale but it also means others had access to some of it and have already exploited it likely through fraud. Now that it’s out hope you all get some information from inside before the bank is forced by lawsuits. Good luck.
Over here at JPMC we have our issues to.
https://www.pionline.com/courts/data-breach-victim-files-class-action-suit-against-jp-morgan-chase
I also got multiple phishing texts, took print screens and reported them to cyber. Crickets. A few weeks later, a generic Truist email that teammates were reporting this issue and to delete the text messages. In other words, in Truist's eyes, nothing to see here. And obviousy there is. I would like to know from someone who does know, how Truist is able to avert the regulators for a major security breach and what is recourse for those employed by Truist.
Hmm, so there was a data breach in October, almost 8 months ago, and then everyone is getting text messages on their private cell phones, but not a peep from leadership about the breach. In fact, they have no idea why we were getting phishing text messages, on our personal cell phones. And now it’s out that not only was there a breach, but our personal data is for sale on the Dark Web. But, I mean, employees aren’t real bank customers, and it’s not like EL data was exposed, so who cares, right?
Notice that when our personal data is stolen, we are “employees,” but when it’s time to “play offensive, and do more,” we are teammates? Interesting.
Funny story - apparently when all the project Star RIFs were notified of their bonuses, Truist accidentally sent the complete list of bonuses to all the teammates that were laid off. Oops.
“So which is it EL, was that a lie or do you just consider 65,000 employees "not significant"?
“Dishonesty” and “not considering employees significant” are two areas where our executive leadership team defines themselves. Everything they have done since day one underscores that these are guiding principles they hold very dear to their hearts.
Now if they could just be as consistent in executing an actual business plan, maybe we wouldn’t be in the mess we are in now.
When filing the class action make sure you file against every entity that has had a breach last year you were impacted by
Hahahahahaha
This laugh in A V P
@1won+1t10mkDc
“..fraud can’t convince me otherwise!”
No chance of them trying to since that area is offshored. Fraudulent complaints is top of list. Mitigations pending and rising.
Class action lawsuit by employees waiting to happen
Shaking my head after all I got 30 other teammate compensation awards with salary and names and addresses attached to mine. Not surprised
Let’s just call it like it is all the offshoring is the culprit for all the breaches and fraud can’t convince me otherwise!
So a top 10 merged bank has a breach over 6 months ago and acknowledges it ONLY after exposed. And the bank thinks all the current remediation has it in a hole. This could sink what’s left of it via class action lawsuits/settlements and fines. No matter what story executive leader-cr-p gives now won’t help even if reading from a cue card. Kids getting caught with hands in cookie jar could craft a better excuse than this bank at this point.
So whose town hall is next and who has the guts to question them about it?
EL clearly knew that there was a breach of data for clients and employees. And they elected to hide that information. Does anyone here remember getting fake Truist texts last year? I sure do, and had family members that received them as well. These forkers knew then that that there was a breach, but tried to hide it.
We have a mutual exclusivity issue going on here. Either they knew about the breach in 2023 and informed the impacted people, which they are now "updating" and lied I the pdf linked earlier. Or they failed to notify people and are now gaslighting people by saying "we told you this before." Both can't be true.
The "updated" notice was posted today, after the news broke publicly. The post prior to that... The one that is allegedly being "updated"... I'm sure was never posted at all. Look at the date on the alleged update. October, 2023. Remember what was happening last October? Reorgs and layoffs. And that was being posted exclusively on the briefing room site. I'm sure LOTS of people were checking it regularly. Anybody remember a post telling you that YOUR information had been exposed?
Should your memory fail, as mine does sometimes, if you scroll about half way down the page, you will see an archive for October, 2023. And in that archive, you will find nothing about a data breach.
When was the announcement in the briefing room about this posted?
If you Google "truist data breach" you'll find a document posted on Truist.com entitled "Truist Disclosure Summary 2023." At the top of the second page, you will find a statement that says "Truist had no material breaches during the time period of this disclosure (2023)." I would post it, but it's a pdf that I can't figure out how to post.
So which is it EL, was that a lie or do you just consider 65,000 employees "not significant"?
I also believe that they have a data breach reporting requirement to the FDIC and the SEC. Was that done or was that also not significant?
So odd the 65,000 employees weren’t notified.
65,000 employees PII exposed - https://www.techradar.com/pro/security/truist-bank-confirms-data-breach-after-stolen-data-appears-online
There is now an announcement on the briefing room about this. It's characterized as an "update." How do you update something that wasn't disclosed?
Odd thing is the article said employee information, but our communication said client information. Maybe it was both?
Was not quickly detained and was done in coordination of an insider
Well on the bright side the more offshoring the more yachts our executives will acquire. Cool!