US Bancorp Breach Affects 11,000 Individuals
Table of Contents
- By Steven
- Nov 01, 2022
US Bancorp is incorporated in Delaware but headquartered in Minneapolis, Minnesota. It is one of the largest banking institutions in the US and is the parent company of the US Bank National Association. The breach has rocked thousands, and the tally of affected customers is now more than ten thousand, though the investigation is ongoing. The breach occurred on September 27, and US Bank began to notify customers in October. While this may seem like a huge number, this breach appears dwarfed by the rest of 2022’s disasters. Many of this year’s breaches have had victim numbers that reached well into the millions.
How Did the Attack Occur?
This attack was ironic because it wasn't really an attack. The data breach occurred when a US Bank employee mistakenly sent the personal information of thousands of customers to an unauthorized entity. "On September 27, one of our trusted vendors accidentally shared a file with your personal information," read the notification sent to affected consumers. “The error was discovered immediately, and the recipients of the file all cooperated fully with our efforts to secure the information.”
What Information Was Viewed or Stolen?
The leaked information included names, outstanding US Bank balances, social security numbers, closed account numbers, birth dates, and addresses. This data can be incredibly sensitive and, with the leak including social security numbers and home addresses, can result in many attacks. Identity theft is the most apparent threat facing the victims, but things like kidnapping and assault are now also concerns for the victims.
How Did US Bank Admit to the Breach?
US Bank admitted to the breach when it sent out its notification letters. The letters explained the violation and its results and assured affected individuals that there was no evidence of the misuse of their information. The data receiver, whose identity remains undisclosed at the time of writing, was incredibly cooperative in recovering the information.
What Will Become of the Stolen Information?
The respondents returned the information immediately, so there may be little done with the stolen information. If the unauthorized parties were as cooperative as US Bank claims, there isn't any information left in public access. We've seen more than once an "accidental" data leak become problematic incredibly quickly. One must also consider the notion that one person in the group that received the data may have copied it and plans to use it maliciously.
What Should Affected Parties Do in the Aftermath of the Breach?
The affected parties will have received a notification letter from US Bank containing instructions on how to help keep themselves safer. The company enclosed a free credit monitoring service for the victims and explained how to activate the membership. Unsurprisingly, US Bank decided to use Experian as its credit monitoring software, resulting in Experian receiving another massive influx of business. One of these days, Experian will have to start turning down some of these gargantuan monitoring orders.