SunTrust, the country’s 12th largest bank, with more than 200 billion dollars in assets and 1,236 branches, disclosed yesterday that it was victimized by a data breach in which the data of approximately 1.5 million of its customers was stolen. What makes this particular data breach different from many of those that we have seen in recent years is that it did not occur as a result of an outside hack of SunTrust’s computers, but instead has been traced back to a former employee. According to SunTrust’s CEO and Chairman William Rogers Jr., the rogue former employee stole names and account balances, but not Social Security numbers, account numbers or passwords.
SunTrust has indicated that it will be providing free credit monitoring service to those affected by the data breach. Details of the free service have not yet been made public, but when they are, I will inform you as to what you need to do to avail yourself of these services if you were a victim of this data breach.
This data breach brings back memories of the massive data breach at J.P. Morgan Chase in 2014, in which similar information affecting 76 million households and 7 million small businesses was stolen by Russian hackers who used that information to formulate spear phishing emails for phony pump and dump investment scams.
For customers of SunTrust, now is not the time to run and hide or to take your money out of the bank. You should, however, be on the alert for contact from the people behind the data breach, from people who may have purchased the stolen information from the rogue employee, or even from totally independent identity thieves, any of whom may start contacting people through emails, text messages and phone calls purporting to be from SunTrust. In these contacts, they will attempt to lure unsuspecting victims into providing personal information under various guises or clicking on links to obtain what may appear to be important information. If you provide that personal information, all you will do is end up a victim of identity theft. If you click on the links in emails or text messages appearing to be from SunTrust, you may well end up downloading keystroke logging malware that will steal all of the information from your computer, which will then be used to make you a victim of identity theft. Trust me, you can’t trust anyone. Even if your Caller ID appears to show that the call you receive is from SunTrust, scammers are able to make their calls appear to be from SunTrust through a tactic called spoofing. The best course of action if you receive any purported communication from the bank is to not respond directly, but instead to contact the bank independently on your own to find out what the truth is.