Hackers have been out in force this year, especially when it comes to security incidents like data breaches and, increasingly, the opportunity to take advantage of lax security and other vulnerabilities at banks and financial institutions.
A major regional bank based here in Memphis, for example, reported in recent days that some of its customers have had to deal with unauthorized access to their accounts as well as the stealing of funds. “Based on its ongoing investigation,” First Horizon acknowledged in a securities filing, “the Company determined that an unauthorized party had obtained login credentials from an unknown source and attempted access to customer accounts.” Using those stolen credentials and exploiting a vulnerability in third-party security software, the attackers were able to access “under 200” online customer bank accounts. They also accessed personal information associated with those accounts and, according to the bank, fraudulently obtained funds from those accounts which First Horizon said totaled less than $1 million.
First Horizon, which operates a network of around 250 bank locations across the Southeast, went on in its announcement to stress that the financial services company has fixed the software vulnerability, reset the affected customer passwords, reimbursed affected customers, and is working with those affected to close accounts and open new ones.
Separate from First Horizon, meanwhile, hackers also attacked a different financial institution in recent days — AmeriFirst Financial Inc., of Arizona, which disclosed that some personal loan information of customers was compromised in a security incident.
The company said it discovered this breach around mid-April, and it relates to the bank’s data storage having been infiltrated by attackers between December 2 and December 10 of last year. “While we have no reason to believe that your personal information has been misused, we are notifying you so that you have the information and tools necessary to help detect and prevent any misuse of your personal information,” reads a notice about the incident from company CEO Eric Bowlby.
National Law Review reports that a forensic investigation is underway now about what happened at this $79 million financial institution, which has branches in California, Arizona, and Utah. Furthermore, AmeriFirst has said that the customer information stolen as part of this security incident included such data as first and last names, dates of birth, Social Security numbers and tax ID numbers, passport numbers, and driver’s license info. Bowlby’s notice adds that:
“To help relieve concerns and restore confidence following this incident, we have secured the services of Kroll to provide identity monitoring at no cost to you for one (1) year. Kroll is a global leader in risk mitigation and response, and their team has extensive experience helping people who have sustained an unintentional exposure of confidential data. Your identity monitoring services include Credit Monitoring, Fraud Consultation, and Identity Theft Restoration.”