Western Alliance Bank admits cyber attack exposed 22,000 customers

An American bank has admitted nearly 22,000 customers had their accounts compromised following an attack that targeted a zero-day flaw in a third-party file-transfer tool.

In a regulatory filing, Arizona-based Western Alliance Bank said attackers had access between 12 and 24 October last year, though the bank reportedly only became aware of the attack in January.

Hackers accessed customers' names, social security numbers, birthdates, driver's license details, tax numbers, passport information, and account numbers. The company has begun notifying those impacted by the incident.

The filing didn't detail which software was targeted, but Western Alliance Bank was one of dozens of companies named by the Cl0p ransomware group in January after a series of attacks using the Cleo file transfer zero-day flaw last year.

Reports online this week also suggested the source of the incident was the Cleo flaw.

Clop claimed to have accessed data by breaching the file transfer program late last year, warning that named companies had days to begin ransom negotiations before data would be published.

Other companies named included Blue Yonder and Datatrac, though some on the list have denied they were actually hacked, and Western Alliance hasn't confirmed that its attack was part of the Clop attack.

Clop has previously targeted other file-sharing products, including Progress Software's MOVEit Transfer and Fortra's GOAnywhere.

What happened with the Cleo flaw?

The Cleo attack ranks among the most devastating cybersecurity incidents in recent years, affecting a host of organisations globally.

Cleo first warned that hackers were making use of the zero-day flaw in October, issuing a patch to mitigate the attacks.

However, a month later, security firm Huntress said attacks were continuing because the first patch didn't fully fix the flaw, advising those at risk to move any exposed systems behind a firewall.

Cleo published a subsequent patch to fix the flaw in December and advised all customers to upgrade their version of the software, though only specific editions were affected.

Incident highlights continued financial services risks

Akhil Mittal, senior security consulting manager at Black Duck, said the incident highlights the continued threats faced by financial services firms.

"Customers aren’t shocked when financial institutions get hacked; they expect it," Mittal said. "It’s essential for financial institutions to detect and notify their customers of any data loss as soon as possible to prevent further loss and ensure the right next steps are taken quickly."

Mittal added that a widespread overreliance on third-party software suppliers also exacerbates the issue, with many institutions having fallen victim to supply chain breaches in recent years.

"Organizations continue to trust third-party software without enough oversight, and every few months, the same scenario plays out—a vendor gets breached, sensitive data is stolen, and customers get offered a year of credit monitoring that does little to fix the real issue," he said.

"This isn’t just about Western Alliance — it’s a systemic problem with third-party risk," Mittal added.

Nicole Kobie

Freelance journalist Nicole Kobie first started writing for ITPro in 2007, with bylines in New Scientist, Wired, PC Pro and many more.

Nicole is the author of a book about the history of technology, The Long History of the Future.