First Horizon Corporation Affected by A Data Breach with Clients Funds Stolen
Over 100 Online Customers Had Their Money Accessed by An Unauthorized Attacker.
Financial services organization First Horizon Corporation has revealed it has suffered a data breach that saw clients’ accounts accessed and funds stolen.
First Horizon Corporation is a bank holding company based in Memphis, Tennessee. Its banking subsidiary, First Horizon (formerly First Tennessee), is the largest bank in Tennessee and the fourth largest regional banking company in the Southeast.
First Horizon Corp. is the fourteenth oldest United States bank on the list of oldest banks in continuous operation. The company provides financial services including banking, wealth management, insurance, and trading services.
Last week, First Horizon Bank declared in a filing with the Securities and Exchange Commission (SEC) that the data breach, discovered in mid-April 2021, included a legitimate third party that gained login credentials from an unknown source and then tried to access customer accounts.
Threat actors obtained access to over 100 online clients’ bank accounts and managed to steal less than $1 million from the compromised accounts.
Besides the employment of stolen customer credentials, the attack seemed to have relied also on the exploitation of a vulnerability within the financial services company.
Using the credentials and exploiting a vulnerability in third-party security software, the unauthorized party gained unauthorized access to under 200 online customer bank accounts, had access to personal information in those accounts, and fraudulently obtained an aggregate of less than $1 million from some of those accounts.
First Horizon, formerly known as First Tennessee Bank, declared that it had remediated the software vulnerability, reset the impacted customer passwords and all its affected clients were reimbursed for their stolen money.
The financial services company also informed data regulators and law enforcement services and opened new banking accounts for the impacted clients.
First Horizon added:
Based on its ongoing assessment of the incident to date, the Company does not believe that this event will have a material adverse effect on its business, results of operations, or financial condition.
While there is no further information on the used third-party software, specialists argue that the incident should serve as a warning for IT security teams that layered defenses are essential today.
Threat actors exploit vulnerable technology, often simultaneously with illegal credentials they may have acquired. In the case of First Horizon’s attack, it may have involved third-party software varying from a virtual private network or software libraries providing onetime passcodes.