Western Alliance Bank Data Breach Impacts 21,899 Customers

Western Alliance Bank suffered a data breach impacting 21,899 customers, exposing sensitive personal and financial information due to a third-party vendor's software vulnerability exploited by the Clop ransomware gang.

    Western Alliance Bank, a major US banking institution with over $80 billion in assets, recently notified nearly 22,000 customers of a data breach. The breach, discovered in October 2024, resulted in the theft of sensitive customer information.

    The bank’s data breach investigation revealed that attackers exploited a zero-day vulnerability in a third-party vendor’s secure file transfer software. This vulnerability, disclosed by the vendor on October 27, 2024, allowed the attackers to access and exfiltrate files from Western Alliance systems between October 12 and 24, 2024. The breach was only discovered after the attackers leaked some of the stolen data.

    The compromised data included sensitive personal information such as names, Social Security numbers, dates of birth, financial account numbers, driver’s license numbers, tax identification numbers, and passport information (where provided).

    In breach notification letters sent to affected customers and filed with the Office of Maine’s Attorney General, Western Alliance stated:

    “We have no evidence to believe that your personal information has been misused for the purpose of committing fraud or identity theft.”

    However, the bank is offering affected customers one year of free Experian IdentityWorks Credit 3B identity protection services. The bank encourages customers to utilize this complimentary credit monitoring.

    “While we have no evidence that your personal information has been misused as a result of this incident, we encourage you to take advantage of the complimentary credit monitoring included in this letter.”

    Western Alliance Bank Data Breach Claimed by Clop Ransomware Group

    Although the specific third-party software involved wasn’t publicly named in initial reports or SEC filings, Western Alliance is among 58 companies listed on the Clop ransomware gang’s leak site.

    Clop is known for exploiting zero-day vulnerabilities in file transfer software, including Cleo LexiCom, VLTrader, and Harmony software.

    These attacks leveraged vulnerabilities (CVE-2024-50623 and CVE-2024-55956) patched in October and December 2024, respectively. Cleo, the vendor, confirmed the exploitation of these vulnerabilities to deploy malicious backdoor code.

    This highlights the critical need for prompt patching and robust security measures, especially given Clop’s history of targeting zero-day flaws in MOVEit Transfer, GoAnywhere MFT, and Accellion FTA.
