The Vermont Office of the Attorney General disclosed a data breach at Wells Fargo Bank on **September 19, 2024**, stemming from unauthorized access to **customer personal information** by a **former employee** between **May 2022 and March 2023**. The breach involved the misuse of internal systems to exfiltrate sensitive data, though the exact number of affected individuals remains undisclosed. The compromised information may include personally identifiable details, exposing customers to potential identity theft, financial fraud, or phishing attacks. The prolonged duration of the breach—nearly a year—suggests systemic vulnerabilities in access controls and post-employment monitoring. While Wells Fargo has not confirmed the scope of the stolen data, the incident underscores risks associated with insider threats and delayed detection. Regulatory scrutiny and customer notifications are expected, with potential reputational damage and legal repercussions for the bank.
Source: https://ago.vermont.gov/document/2024-09-19-wells-fargo-bank-data-breach-notice-consumers
TPRM report: https://www.rankiteo.com/company/wellsfargo
"id": "wel033091825",
"linkid": "wellsfargo",
"type": "Breach",
"date": "5/2022",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Unknown',
'industry': 'Banking/Financial Services',
'location': 'United States',
'name': 'Wells Fargo Bank',
'type': 'Financial Institution'}],
'attack_vector': 'Unauthorized Access (Insider)',
'data_breach': {'number_of_records_exposed': 'Unknown',
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (PII)',
'type_of_data_compromised': 'Personal Information'},
'date_publicly_disclosed': '2024-09-19',
'description': 'The Vermont Office of the Attorney General reported a data '
'breach involving Wells Fargo Bank on September 19, 2024. The '
'breach involved unauthorized access to customer personal '
'information by a former employee between May 2022 and March '
'2023, although the specific number of affected individuals is '
'unknown.',
'impact': {'data_compromised': 'Customer Personal Information',
'identity_theft_risk': 'Potential (PII exposed)'},
'initial_access_broker': {'high_value_targets': 'Customer Personal '
'Information',
'reconnaissance_period': 'May 2022 – March 2023'},
'references': [{'date_accessed': '2024-09-19',
'source': 'Vermont Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'Vermont Office of the '
'Attorney General'},
'response': {'communication_strategy': 'Public Disclosure via Vermont '
'Attorney General'},
'threat_actor': 'Former Employee',
'title': 'Wells Fargo Data Breach via Former Employee (2022-2023)',
'type': 'Data Breach (Insider Threat)'}