The data breach at Western Alliance Bank has affected 21,899 customers, revealing sensitive personal information after hackers took advantage of a zero-day vulnerability in a third-party vendor’s secure file transfer software. The Arizona-based bank, part of Western Alliance Bancorporation, reported that unauthorized access occurred between October 12 and 24, 2024, with the vendor announcing the flaw on October 27.
Western Alliance initially disclosed the breach in a February report to the US Securities and Exchange Commission (SEC), indicating that a limited number of its systems had been compromised and files on those systems had been stolen. The breach came to light when cybercriminals leaked the stolen data, leading to an internal investigation. By February 21, 2025, the bank completed its review and confirmed that personal information had been accessed. The compromised data includes customer names, Social Security numbers, birth dates, financial account information, driver’s license numbers, tax identification numbers, and passport details if provided.
Despite the seriousness of the breach, Western Alliance Bank has stated that there is no evidence of the stolen data being used for fraudulent activities or identity theft. As a precautionary measure, affected customers are being offered a year of complimentary membership to Experian IdentityWorks Credit 3B, a service for credit monitoring and identity protection.
The Clop ransomware gang has been identified as the perpetrator of the attack, having included Western Alliance among 58 companies it targeted in January. Clop has executed a series of cyberattacks by exploiting weaknesses in Cleo LexiCom, VLTransfer, and Harmony software. They leveraged a pre-authentication zero-day vulnerability known as CVE-2024-50623, which was patched in October. Additionally, another zero-day vulnerability, CVE-2024-55956, was resolved in December after Clop utilized it to install a Java-based backdoor named “Malichus.” This backdoor enabled the hackers to extract data, run commands, and gain deeper access to the networks of their victims.
Although the full extent of the attack is still being assessed, Cleo reports that its software is utilized by over 4,000 organizations globally. The Clop group has a history of executing extensive data theft operations, taking advantage of vulnerabilities in MOVEit Transfer, GoAnywhere MFT, and Accellion FTA.
The data breach at Western Alliance Bank underscores the persistent threats posed by software vulnerabilities and the growing sophistication of cybercriminals targeting financial institutions. Affected customers are advised to remain vigilant and utilize the credit monitoring services offered.
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: The Mainstream formerly known as CIO News LinkedIn Account | The Mainstream formerly known as CIO News Facebook | The Mainstream formerly known as CIO News Youtube | The Mainstream formerly known as CIO News Twitter
About us:
The Mainstream formerly known as CIO News is a premier platform dedicated to delivering latest news, updates, and insights from the tech industry. With its strong foundation of intellectual property and thought leadership, the platform is well-positioned to stay ahead of the curve and lead conversations about how technology shapes our world. From its early days as CIO News to its rebranding as The Mainstream on November 28, 2024, it has been expanding its global reach, targeting key markets in the Middle East & Africa, ASEAN, the USA, and the UK. The Mainstream is a vision to put technology at the center of every conversation, inspiring professionals and organizations to embrace the future of tech.
