Legal Review: SunTrust Data Breach — 1.5 Million Customer Records Affected

By criminal defense attorney Dayne Phillips, who is barred and practices in Columbia, South Carolina.

SunTrust bank, based in Atlanta, said that a former employee compromised 1.5 million customer accounts in a data breach, sharing the data with a criminal third party.

The bank has more than 1,400 branches, 2,100 ATMs in eleven states, including South Carolina, plus Washington D.C. The breach, which accessed customer contact lists, included the customers’ names, addressed account balances and phone numbers; it did not include social security numbers, drivers license numbers, account numbers or passwords.

The bank is working closely with the police and investigators. “Theft, including identity theft, is a serious crime that can severely affect the victims’ financial well-being, and it can be difficult to prove without concrete evidence linking the former employee to the breach,” said Dayne Phillips, a theft lawyer practicing in South Carolina. “SunTrust is responsible for keeping their customer account files secure and confidential. A former employee having access to this sensitive data is inexcusable.”

The bank learned of the breach in February but waited until April 20 to alert the public. According to the bank, it thought the information was not exposed externally until that date. As soon as they found out, the bank made the announcement that they have been working closely with law enforcement.

However, it seems prudent that the sooner the bank lets their customers know of the possibility of any fraudulent activity, the sooner they could have made arrangement to protect their information and identity and prevent any possible identity theft, which can take years to rectify.

Data and cyber breaches are prevalent, and we need to protect ourselves.

In 2016, according to the Identity Theft Resource Center (ITRC) and CyberScout, there were 1,091 data breaches, a 40 percent increase over reported breaches in 2015. In 2017 that number reached 1,579, a 44.7% increase over 2016. As of May 1, 2018, there have been a total of 383 breaches, exposing 12,918,657 records of unsuspecting customers.

This problem is not going away.

According to the bank, no fraudulent or unexplained activity has been detected, and customers can enroll in identity theft protection, IDnotify by Experian, for free. The product includes an annual credit report, credit monitoring, identity theft insurance up to $1 million, help in restoring their identity and monitoring of the dark web.

Customers will not be held responsible for any fraudulent activity in their accounts.