Western Alliance Bank

Arizona-based Western Alliance Bank experienced a security breach after an attack on a third-party file transfer program which compromised personal data of 21,899 individuals. The attack, which occurred between October 12 and 24, led to unauthorized access and exfiltration of names, Social Security numbers, birthdates, driver's license numbers, tax identification numbers, passports, and financial account numbers. The Clop ransomware operation claimed responsibility, alleging the exploit was via a vulnerability in the Cleo file sharing tool. The incident's ramifications extended to other companies such as Hewlett Packard Enterprise and Thomson Reuters, prompting further investigations.

Source: https://www.scworld.com/brief/cleo-hack-impacts-almost-22k-western-alliance-bank-clients

TPRM report: https://scoringcyber.rankiteo.com/company/western-alliance-bank

"id": "wes445032025",
"linkid": "western-alliance-bank",
"type": "Ransomware",
"date": "3/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': '21,899',
                        'industry': 'Financial Services',
                        'location': 'Arizona',
                        'name': 'Western Alliance Bank',
                        'type': 'Bank'},
                       {'industry': 'Technology',
                        'name': 'Hewlett Packard Enterprise',
                        'type': 'Company'},
                       {'industry': 'Information Services',
                        'name': 'Thomson Reuters',
                        'type': 'Company'}],
 'attack_vector': 'Third-party file transfer program',
 'data_breach': {'data_exfiltration': True,
                 'number_of_records_exposed': '21,899',
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['names',
                                              'Social Security numbers',
                                              'birthdates',
                                              "driver's license numbers",
                                              'tax identification numbers',
                                              'passports',
                                              'financial account numbers']},
 'date_detected': '2023-10-12',
 'description': 'Arizona-based Western Alliance Bank experienced a security '
                'breach after an attack on a third-party file transfer program '
                'which compromised personal data of 21,899 individuals.',
 'impact': {'data_compromised': ['names',
                                 'Social Security numbers',
                                 'birthdates',
                                 "driver's license numbers",
                                 'tax identification numbers',
                                 'passports',
                                 'financial account numbers']},
 'initial_access_broker': {'entry_point': 'Cleo file sharing tool'},
 'ransomware': {'data_exfiltration': True, 'ransomware_strain': 'Clop'},
 'threat_actor': 'Clop ransomware operation',
 'title': 'Western Alliance Bank Data Breach',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Cleo file sharing tool'}

Western Alliance Bank

Estes Forwarding Worldwide

Synnovis

United Natural Foods (UNFI)