Skip to main content
close search
site logo
Dive Brief

First Horizon breach highlights rising threats against financial institutions

Published April 29, 2021
David Jones's headshot
Reporter
A man looks at lines of code depicted on a computer screen
sestovic via Getty Images

Dive Brief:

  • First Horizon, a Memphis, Tennessee-based bank, was hit by a data breach where an unauthorized party obtained login credentials and exploited a vulnerability in third-party security software, the company announced in a SEC filing Wednesday. The compromise allowed attackers to access less than 200 online accounts, steal personal information from the victims and exfiltrate less than $1 million, according to a filing with the Securities and Exchange Commission.

  • The company discovered the incident during the middle of April and has since fixed the software vulnerability, reset passwords and is working with the customers impacted by the breach to close their accounts and reopen new ones. 

  • First Horizon has reimbursed the funds and notified law enforcement and other appropriate authorities about the breach, according to the filing. Company officials said in the filing they do not expect the breach will have a materially adverse impact on its financial condition or business operations.

Dive Insight:

The attack highlights the potential risk that financial institutions face when trying to protect customer account data and financial assets. 

"Attackers are adept at finding the weakest link," Robert Haynes, SCA and open source evangelist at Checkmarx said via email. "This is most frequently a human, and often results in phishing or spear phishing attacks against IT staff, as their credentials are often most useful to an attacker."

The third-party software vulnerabilities could range anywhere from a VPN vulnerability to a software library that provides one-time passcodes, Haynes said.

Three-quarters of financial institutions, including banks and insurance companies in the U.K. and U.S., faced a rise in cybercrime in the 12-month period after March 2020, when the U.S. lockdown began, according to a report released Wednesday from BAE Systems Applied Intelligence. 

"Attackers are building increasingly advanced capabilities to target core banking systems and becoming more aggressive, harming victim’s ability to respond to attacks," said Adrian Nish, head of cyber at BAE Systems Applied Intelligence, as part of the report. 

The report shows 56% of U.S. and U.K. banks and insurers had a surge in financial losses related to cyber activity over the last year, averaging about $720,000 per incident. 

A separate report from VMware also indicates a surge in cyberattacks against financial institutions, particularly since the COVID-19 pandemic began in early 2020. 

The report, based on interviews with 126 chief information security officers from across the globe, shows that 54% of financial institutions experienced destructive attacks against their organization, representing a 118% increase from 2020 figures. 

First Horizon National Bank last year merged with Iberiabank, creating a bank with $79 billion in assets and $60 billion in deposits. 

Bank officials could not be immediately reached for comment. 

Filed Under: Breaches

Editors' picks

Company Announcements

View all | Post a press release
Nile Adds Industry’s First Campus Zero Trust Delivered As a Service
From Nile
November 21, 2024
DigiCert Unveils 2025 Security Predictions
From DigiCert
November 21, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Fathom5’s ARIA Technology Joins NSIN Propel Maritime Digital Defense Accelerator
From Fathom5
November 18, 2024
Editors' picks
Latest in Breaches
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell