What we know about the alleged SunTrust data breach

Written by |

Another day, another data breach…

And another instance of a bank taking the weak posture of offering free identity protection as a post-breach Band-Aid when there’s a better solution out there!

RELATED: Credit Freeze Guide — The best way to protect yourself against identity theft

SunTrust announces possible breach of 1.5 million customer records

On April 20, SunTrust Bank announced that an insider may have stolen records on 1,500,000 customers with the criminal intent of sharing them outside the organization.

The bank first became aware of the likelihood of “inappropriate access” of records in February. A subsequent internal investigation now points to an ex-employee for the alleged theft.

It is believed the culprit tried to print the records and share them with a “criminal third party,” according to the Wall Street Journal.

The investigation is still ongoing as the bank continues to work closely with law enforcement and outside experts.

What info was compromised?

SunTrust says it’s likely that names, addresses, phone numbers and account balances of 1.5 million customers were breached.

Fortunately, the bank reports Social Security numbers, account numbers, passwords, and driver’s license information are not believed to have been accessed.

And in another bright spot in a bad situation, SunTrust notes there’s no pattern “significant fraudulent activity around impacted accounts.”


Was my personal information stolen?

If you have a SunTrust account, you can log on to SunTrust’s secure site and enter your info to find out.

Here’s the info you’ll need:

  • First name
  • Last name
  • Zip code
  • Last 4 digits of Social Security number

If you’re worried about entering your Social Security number, don’t be; SunTrust already has your entire number. They’re just asking for the last four digits here to verify your identity so they can determine if your info was compromised.

What’s next?

The bank will begin contacting customers whose info may have been affected in this suspected breach.

Also on tap is a plan to provide free identity protection to all customers — regardless of whether they are in the 1.5 million customers believed to have been breached or not.

Making an offer of free identity protection is the usual defensive crouch financial institutions go into after something like this happens.

We’ve seen it after huge data breaches — think Target, Equifax, etc. — and in the wake of practically every smaller data breach. They’re too numerous to count by now.

But here’s the thing: Identity monitoring isn’t the solution. A full-blown credit freeze is what you really need!

We’re beginning to see the first inklings of possible legislation that would make credit freezes free for everyone, but we’re not there yet.

So while you shouldn’t turn down the offer of free protection, if you want to really protect yourself, you may need to open your wallet. Consider paying the nominal state-regulated fee to freeze your credit with Equifax, Experian and TransUnion.


A credit freeze effectively shuts down a criminal’s ability to open new credit in your name even if they get your personal info in a breach.

See our step-by-step instructions for getting a credit freeze in place.

One final thought…

A lot of the SunTrust customers we’re hearing from calling in to ask for free advice at our Consumer Action Center report that they have a lot of money in the bank.

If you have more than the FDIC limit of $250,000 per depositor, per insured bank, for each account ownership category, you need an effective way to spread it out.

Dating back to the financial crisis of last decade, money expert Clark Howard recommended having no more on deposit at any bank than the FDIC limit. But if you’re Daddy Warbucks and have a multi-million dollar bank account, try using the CDARS service to extend FDIC coverage beyond the normal $250K limit.

CDARS achieves this by taking your money and splitting it up among multiple FDIC-insured accounts.

It’s completely safe and free!