Two major U.S. banks, Citizens Financial Group and Frost Bank, found themselves at the center of a significant cybersecurity incident after the Everest ransomware group claimed to have stolen millions of customer records. The ransomware operation posted both organizations on its dark web leak site and threatened to release the stolen data publicly unless its demands were met within six days.
According to cybersecurity researchers, the attack did not originate from either bank’s internal network. Instead, investigators believe a shared third-party document management vendor was compromised, giving attackers access to sensitive customer information belonging to both institutions.
The Everest group claimed to have obtained approximately 250,000 Frost Bank customer records, including Social Security numbers, tax identification details, mortgage information, and income-related data. The group also alleged that it had accessed around 3.4 million Citizens Bank records from a database containing customer information.
While both banks stated that their own systems were not directly breached, the incident quickly raised concerns among customers and regulators. Just two days after the attack became public, class-action lawsuits were filed, alleging that personal information such as names, addresses, dates of birth, Social Security numbers, and financial account details may have been exposed.
The incident serves as another reminder that organizations are only as secure as the partners and vendors they rely on. Even companies with strong cybersecurity programs can face serious risks when a trusted third party becomes the weakest link in the security chain.<\/p>\n","protected":false},"excerpt":{"rendered":"
Two major U.S. banks, Citizens Financial Group and Frost Bank, found themselves at the center of a significant cybersecurity incident after the Everest ransomware group claimed to have stolen millions of customer records. The ransomware operation posted both organizations on its dark web leak site and threatened to release the stolen data publicly unless its demands were met within six [\u2026]<\/span><\/p>\n","protected":false},"author":1,"featured_media":5643,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[226,220,225,10],"tags":[],"class_list":["post-9143","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-finance-and-legal","category-government-advisory","category-heavy-industry","category-latest_vulnerabilities"],"acf":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/cyberenso.jp\/wp-content\/uploads\/2021\/12\/Picture1-4.jpg?fit=1377%2C919&ssl=1","_links":{"self":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/9143"}],"collection":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/comments?post=9143"}],"version-history":[{"count":1,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/9143\/revisions"}],"predecessor-version":[{"id":9144,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/9143\/revisions\/9144"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media\/5643"}],"wp:attachment":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media?parent=9143"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/categories?post=9143"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/tags?post=9143"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}