Western Alliance Bank, a Phoenix-based business bank, has notified customers of a data breach caused by a zero-day vulnerability in third-party file transfer software. The breach, which occurred in October 2024, was discovered in January when stolen records were leaked online by hackers.
The bank has not disclosed the specific software involved, but it was among hundreds of organizations targeted by the Clop ransomware gang in October. The group claimed responsibility for exploiting a vulnerability in the Cleo file-sharing tool, which Western Alliance used.
The breach exposed data transferred through the software between October 12-24, 2024, just before the bank was advised to patch its systems. The hackers accessed the personal information of nearly 22,000 customers, including names, Social Security numbers, dates of birth, financial account numbers, driver’s license numbers, tax identification numbers, and passport details.
In an SEC filing, Western Alliance stated: “The Company will work with clients who may have been impacted and will make appropriate notifications to impacted individuals. Although the Company continues to investigate and has not determined the full impact of this incident, at this time the incident has not had a material impact on the Company’s business or operations.”