The financial institution, First Horizon Corporation reported that earlier this month some of its customers’ online banking accounts have been breached by unidentified cybercriminals.
‘First Horizon’ is a regional financial company that provides facilities including capital market, wealth management services and offers banking services in a region with $84 billion in assets.
Additionally, the institution also operates its company's banking subsidiary; hundreds of banks are located in 12 states across the Southeast region.
According to the company, the attack came into light in the middle of April 2021 and as per the reports it only impacted limited customers’ accounts. Whilst investigation was going on, it was discovered that the unidentified cybercriminals could possibly get access to customers' online bank accounts with the help of previously stolen sensitive information and by trespassing third-party software.
"Using the credentials and exploiting a vulnerability in third-party security software, the unauthorized party gained unauthorized access to under 200 online customer bank accounts," First Horizon added in an 8-K form filed with the U.S. Securities and Exchange Commission (SEC) on Wednesday.
It is also being reported that the threat actors were also able to get access to the customers’ credentials kept in the infringement accounts and fetch reserve money from some of them before the attack was being discovered.
However, the firm reported that they "fraudulently obtained an aggregate of less than $1 million from some of those accounts."
The institution, after discovering the attack, informed the affected customers while also notifying the data management department and law enforcement firms. Furthermore, for security purposes, it also opened new online banking accounts for its directly affected customers.
The vulnerability exploited by the attackers, that was present in the system, has also been taken care of by the company, they have also successfully reset the passwords of the affected accounts.
In this regard, lastly, the first Horizon concluded by saying that, "Based on its ongoing assessment of the incident to date, the Company does not believe that this event will have a material adverse effect on its business, results of operations or financial condition." However, at present, the firm did not report anything on the exploited third-party software.