America’s First Horizon Bank has disclosed that they have suffered a data breach attack that compromised the bank’s customers of financial funds.
First Horizon Bank customers direct impact point:
After filing a report with the Securities and Exchange Commission, First Horizon Bank noted that an unauthorized party gained access to the funds of over 100 online customers of the bank.
However, the bank also provided that less than $1 million was stolen from the hacked accounts.
Vulnerability exploitation in bank IT systems:
As for the data breach, it is seemingly possible that the attack may have relied on stolen or brute-forced customer credentials.
Reportedly, a vulnerability that was also persistent inside First Horizon Bank’s internal network systems had been exploited, as was also put forth in the statement.
“Based on its ongoing investigation, the company determined that an unauthorized party had obtained login credentials from an unknown source and attempted access to customer accounts,” the SEC filing explained.
“Using the credentials and exploiting a vulnerability in third-party security software, the unauthorized party gained unauthorized access to under 200 online customer bank accounts, had access to personal information in those accounts, and fraudulently obtained an aggregate of less than $1 million from some of those accounts.”
Regarding the security bug, First Horizon Bank has noted that they have since patched the bug and have taken prompt actions for its impacted customers.
Affected individuals were reportedly assisted and compensated as an aftermath of the data breach.
“Based on its ongoing assessment of the incident to date, the company does not believe that this event will have a material adverse effect on its business, results of operations, or financial condition,” concluded First Horizon Bank.
Layered security should be prioritized:
Security experts are of the opinion that the data breach of such a prominent financial institution should serve as a leading example of the importance of foundational and imperative cybersecurity measures.
Layered defenses against numerous forces and vulnerabilities prove to be one of the most effective protective gears for all types of IT systems and organizations should not remain inadequate while provisioning for them.