Arizona-based Western Alliance Financial institution is notifying almost 22,000 prospects their private data was stolen in October after a third-party vendor’s safe file switch software program was breached.
Western Alliance is a completely owned subsidiary of Western Alliance Bancorporation, a number one U.S. banking firm with over $80 billion in belongings.
The financial institution first revealed in a February SEC submitting that the attackers exploited a zero-day vulnerability within the third-party software program (disclosed by the seller on October 27, 2024) to hack a restricted variety of Western Alliance techniques and exfiltrate information saved on the compromised gadgets.
Western Alliance discovered that buyer information was exfiltrated from its community solely after discovering that the attackers leaked some information stolen from its techniques.
In breach notification letters despatched to 21,899 affected prospects and filed with the Workplace of Maine’s Lawyer Basic, the corporate stated it has since “decided that the unauthorized actor acquired sure information from the techniques from October 12, 2024, to October 24, 2024.”
An evaluation of the stolen information concluded on February 21, 2025, and located they contained buyer private data, together with your identify and Social Safety quantity, in addition to their dates of delivery, monetary account numbers, driver’s license numbers, tax identification numbers, and/or passport data if it was supplied to Western Alliance.
“We now have no proof to consider that your private data has been misused for the aim of committing fraud or identification theft,” Western Alliance added, saying it is also providing these affected one yr of free membership for Experian IdentityWorks Credit score 3B identification safety providers.
“Whereas we have now no proof that your private data has been misused because of this incident, we encourage you to benefit from the complimentary credit score monitoring included on this letter.”
A Western Alliance spokesperson was not instantly accessible for remark when contacted by BleepingComputer earlier immediately.
Breach claimed by Clop ransomware
Whereas the safe file switch software program compromised within the breach was not named within the breach notification letters or the February SEC submitting, the financial institution is one among 58 corporations the Clop ransomware gang added to its leak web site in January.
The cybercrime group was behind a collection of assaults exploiting a pre-auth zero-day vulnerability (CVE-2024-50623) in Cleo LexiCom, VLTransfer, and Concord software program patched in October, when the corporate warned prospects to improve instantly.
In December, Cleo launched security updates for a second zero-day (tracked as CVE-2024-55956) that the Clop menace actors exploited to deploy a JAVA backdoor dubbed “Malichus” to steal information, execute instructions, and acquire additional entry to the victims’ networks.
“This vulnerability has been leveraged to put in malicious backdoor code on sure Cleo Concord, VLTrader, and LexiCom cases within the type of a malicious Freemarker template containing server-side JavaScript,” Cleo defined in a non-public advisory.
Whereas it is at the moment unknown what number of corporations had been breached in these assaults, Cleo claims its software program is utilized by over 4,000 organizations worldwide.
Clop was beforehand linked to a number of different information theft campaigns lately, focusing on zero-day flaws in MOVEit Switch, GoAnywhere MFT, and Accellion FTA.
Based mostly on an evaluation of 14M malicious actions, uncover the highest 10 MITRE ATT&CK methods behind 93% of assaults and how you can defend in opposition to them.
