Skip to main content
close search
site logo
Dive Brief

First Horizon breach highlights rising cyber threats against banks

Published April 29, 2021
David Jones's headshot
Reporter
A man looks at lines of code depicted on a computer screen
sestovic via Getty Images

First published on

Cybersecurity Dive

Dive Brief:

  • Memphis, Tennessee-based First Horizon was hit by a data breach in which an unauthorized party obtained login credentials and exploited a vulnerability in third-party security software, the company announced in a filing Wednesday with the Securities and Exchange Commission (SEC). The compromise allowed attackers to access fewer than 200 online accounts, steal personal information from the victims and exfiltrate less than $1 million, according to the filing.

  • The company discovered the incident in mid-April and has since fixed the software vulnerability, reset passwords and is working with customers affected by the breach to close their accounts and open new ones. 

  • First Horizon has reimbursed the funds and notified law enforcement and other appropriate authorities of the breach, according to the filing. Company officials do not expect the breach will have a materially adverse impact on its financial condition or business operations, they said in the filing.

Dive Insight:

The attack highlights the potential risk that financial institutions face when trying to protect customer account data and financial assets. 

"Attackers are adept at finding the weakest link," Robert Haynes, software composition analyst and open-source evangelist at Checkmarx, said in an email. "This is most frequently a human, and often results in phishing or spear phishing attacks against IT staff, as their credentials are often most useful to an attacker."

The third-party software vulnerabilities could range anywhere from a virtual private network vulnerability to a software library that provides one-time passcodes, Haynes said.

Three-quarters of financial institutions, including banks and insurance companies in the U.K. and U.S., saw a rise in cybercrime in the 12-month period after March 2020, when the U.S. lockdown began, according to a report released Wednesday from BAE Systems Applied Intelligence. 

"Attackers are building increasingly advanced capabilities to target core banking systems and becoming more aggressive, harming victims' ability to respond to attacks," said Adrian Nish, head of cyber at BAE Systems Applied Intelligence, as part of the report. 

The report shows 56% of U.S. and U.K. banks and insurers had a surge in financial losses related to cyber activity over the past year, averaging about $720,000 per incident. 

A separate report from VMware also indicates a surge in cyberattacks against financial institutions, particularly since the COVID-19 pandemic began in early 2020. 

The report, based on interviews with 126 chief information security officers from across the globe, shows that 54% of financial institutions experienced destructive attacks against their organization, representing a 118% increase from 2020 figures. 

First Horizon National Bank last year merged with Iberiabank, creating a bank with $79 billion in assets and $60 billion in deposits. 

Bank officials could not be immediately reached for comment. 

Filed Under: Technology, Risk

Editors' picks

  • Consumer Financial Protection Bureau Director Rohit Chopra testifies before the Senate Banking, Housing and Urban Affairs Committee April 26, 2022 in Washington, DC.
    Image attribution tooltip
    Win McNamee via Getty Images
    Image attribution tooltip

    CFPB issues final rule on open banking

    Payment apps are included in the data-control rule, in a change from last year’s proposal. Banks and credit unions with less than $850 million in assets are exempt.

    By Dan Ennis • Oct. 22, 2024
  • The exterior of Five Star Bank's Rancho Cordova office building is shown, with "Five Star Bank" in white letters at the top left of the building exterior.
    Image attribution tooltip
    Permission granted by Smriti Shakargaye
    Image attribution tooltip

    Five Star Bank bets on its California roots in Bay Area move

    The Sacramento-area lender found San Francisco a tough market to crack. But when East Coast banks swooped in and former First Republic customers grew disenchanted, Five Star hatched a strategy.

    By Caitlin Mullen • Aug. 27, 2024

Company Announcements

View all | Post a press release
interface.ai Reinforces AI Leadership in Financial Services with Industry-Unique Device Biomet…
From Jordan Mitchell
November 21, 2024
Cross Border Payment Solutions Launches to Help Business Take Control of International Finance
From Cross Border Payment Solutions
November 18, 2024

Want to share a company announcement with your peers?

Get started

Editors' picks
  • Consumer Financial Protection Bureau Director Rohit Chopra testifies before the Senate Banking, Housing and Urban Affairs Committee April 26, 2022 in Washington, DC.
    Image attribution tooltip
    Win McNamee via Getty Images
    Image attribution tooltip

    CFPB issues final rule on open banking

    Payment apps are included in the data-control rule, in a change from last year’s proposal. Banks and credit unions with less than $850 million in assets are exempt.

    By Dan Ennis • Oct. 22, 2024
  • The exterior of Five Star Bank's Rancho Cordova office building is shown, with "Five Star Bank" in white letters at the top left of the building exterior.
    Image attribution tooltip
    Permission granted by Smriti Shakargaye
    Image attribution tooltip

    Five Star Bank bets on its California roots in Bay Area move

    The Sacramento-area lender found San Francisco a tough market to crack. But when East Coast banks swooped in and former First Republic customers grew disenchanted, Five Star hatched a strategy.

    By Caitlin Mullen • Aug. 27, 2024
Latest in Technology
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell