SunTrust Banks has signed up all of its customers to identity protection services following the suspected theft of up to 1.5 million records by a former employee.
The Atlanta-based financial company said late last week that current and new clients will be automatically enrolled in the Experian IDnotify service until further notice at no cost.
SunTrust, which deals with international investment, mortgage, asset management, securities brokerage, and capital market services, among others, said that the potential theft of customer data was exposed through information relating to their contact lists.
The former staff member is at the heart of an investigation and it is believed that up to 1.5 million customers may have had their names, addresses, phone numbers, and "certain account balances" stolen.
SunTrust says that other personally identifiable information (PII), including social security numbers, account numbers, PINs, User IDs, passwords, and driver's license information is secure and was not involved in the security breach.
"Ensuring personal information security is fundamental to our purpose as a company of advancing financial well-being," said Bill Rogers, SunTrust CEO. "We apologize to clients who may have been affected by this. We have heightened our monitoring of accounts and increased other security measures."
"While we have not identified significant fraudulent activity, we will reinforce our promise to clients that they will not be held responsible for any loss on their accounts as a result," the executive added.
Rogers said that an attempt was made to download the data between six and eight weeks ago, according to Reuters.
SunTrust is working with third-party cybersecurity experts and has notified law enforcement.