US financial sector firm First Horizon Corporation has now disclosed that it has been hacked, resulting in several of its customers' online bank accounts being breached. Personal data was disclosed in the breach and funds were stolen from the accounts.

A regional financial services company, the First Horizon Corporation currently has $84bn (£60.5bn) worth of assets and provides a wide range of options to its customers, including banking, wealth management and capital markets. First Horizon Bank is the US enterprise’s banking subsidiary, now operating a network comprising hundreds of bank branches across 12 different states in the southeastern United States.

Funds stolen and personal data accessed

The recent attack on First Horizon was uncovered in mid-April, with the firm announcing that only a limited number of its customers had been impacted by the incident. During a forensic investigation, security teams discovered that the unknown threat operators behind the assault were able to penetrate the online banking accounts of First Horizon customers using credentials that had been stolen previously, combined with the exploitation of a weakness present in a third-party application being used.

The 8-K form, completed by First Horizon and filed with the US Securities and Exchange Commission (SEC), explained the breach and its impact:

“Using the credentials and exploiting a vulnerability in third-party security software, the unauthorised party gained unauthorised access to under 200 on-line customer bank accounts.”

After exploiting the weakness, the attackers were additionally able to obtain access to customer data that was being stored within the accounts breached and to withdraw funds from many of them prior to the infiltration being identified and the alarm raised. First Horizon confirmed that the total sum fraudulently acquired from the customer accounts was less than $1m.

Customer reimbursement following the breach

First Horizon has reimbursed all customers who had their personal funds stolen by threat operators after the data breach was discovered.

The bank holding company also informed all relevant data authorities and law enforcement entities of the information breach and opened entirely new banking accounts for all customers impacted.

First Horizon also fixed the software weakness that had been exploited by the threat operators during the attack on its systems, and performed a comprehensive password reset for all the affected bank accounts.

The bank holding company commented on the incident and the potential impact it might have on its operation:

“Based on its ongoing assessment of the incident to date, the company does not believe that this event will have a material adverse effect on its business, results of operations or financial condition.”

Although First Horizon has not disclosed details of the third-party software exploited, extensive collections of illegally obtained user credentials that have potentially been reused on numerous sites have been sold or leaked free of charge by multiple threat operators for years, via hacker forums on the dark web.

Among the most recent instances of such criminal exchanges are the tens of millions of personal user records comprising personal credentials and data belonging to Nitro PDF, BigBasket and ParkMobile.