UPDATED 22:39 EST / APRIL 28 2021

SECURITY

Financial services firm First Horizon suffers data breach with customer funds stolen

Financial services company First Horizon Corp. has suffered a data breach that saw customer accounts accessed and funds stolen.

Disclosed in a filing today with the U.S. Securities and Exchange Commission, the data breach is described as involving an authorized third party obtaining login credentials from an unknown source and then attempting to access customer accounts. The third party then gained access to fewer than 200 online customer bank accounts, had access to personal information in those accounts and then fraudulently obtained an amount of less than $1 million from those accounts.

While not disclosing the exact method of the attack, First Horizon then said it remediated a software vulnerability, suggesting the attack involved exploiting unpatched software used by the bank.

Along with resetting passwords, the bank has reimbursed the stolen funds and notified regulators and law enforcement.

“Attackers are adept at finding the weakest link,” Robert Haynes, software composition analyst and open-source evangelist at application security testing firm Checkmarx Ltd., told SiliconANGLE. “This is most frequently a human, and often results in phishing or spear-phishing attacks against IT staff, as their credentials are the most useful to an attacker.”

Haynes noted that attackers also exploit vulnerable technology, often in conjunction with illicit credentials they may have obtained. In the case of First Horizon’s data breach, he added, it may have involved third-party software ranging from a virtual private network or software libraries providing onetime passcodes.

“Whatever the mechanism of compromise used here, it’s another reminder that all organizations, but especially financial services organizations, need to consider the totality of their attack surface area, from the email security of the most senior company officer down to the smallest software library used in their applications,” Haynes said.

Alexa Slinger, identity management expert at identity and access management provider OneLogin Inc., noted that financial institutions must work with a trusted access management provider to put guardrails and safety measures in place for their consumer identities and data, as well as have a crisis management and recovery process ready. “This breach also highlights the need for consumers to be educated on and have access to a form of two-factor authentication to act as an additional layer of security when their credentials are compromised,” she said.

Image: First Horizon

A message from John Furrier, co-founder of SiliconANGLE:

Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.

Join Our Community 

Click here to join the free and open Startup Showcase event.

“TheCUBE is part of re:Invent, you know, you guys really are a part of the event and we really appreciate your coming here and I know people appreciate the content you create as well” – Andy Jassy

We really want to hear from you, and we’re looking forward to seeing you at the event and in theCUBE Club.

Click here to join the free and open Startup Showcase event.