Western Alliance Bank says nearly 22,000 impacted by file transfer software breach

Avatar

Phoenix-based Western Alliance Bank said the information of more than 20,000 people was stolen through a vulnerability in a popular file sharing tool last year. 

The bank filed breach notification documents in Maine and California last week confirming that it was affected by a vulnerability in a “third-party vendor’s secure file transfer software used by Western Alliance and numerous other organizations.” 

The notifications don’t specify the software and did not respond to requests for comment. The bank was one of hundreds of companies and organizations named by the Clop ransomware gang in October after the group claimed it was behind the exploitation of a vulnerability impacting the Cleo file sharing tool. 

“In October 2024, an unauthorized actor began exploiting this unknown vulnerability in the third-party software that allowed the unauthorized actor to gain access to a limited portion of Western Alliance’s systems and to obtain copies of files from those systems,” Western Alliance says in the notifications. 

The bank says it learned that the hackers had accessed data on January 27 and an investigation discovered that they “acquired certain files from the systems from October 12, 2024, to October 24, 2024.”

The information stolen includes names, Social Security numbers and in some cases, dates of birth, financial account numbers, driver’s license numbers, tax identification numbers and passports. 

Western Alliance Bank told regulators in Maine that 21,899 people were impacted and each will get one year of identity protection services. The bank reported a net income in 2024 of $787.7 million and says it has more than $80 billion in assets.

Several companies named by Clop have told Recorded Future News that they are in the process of investigating whether they also were affected.

IT giant Hewlett Packard Enterprise said it is investigating the claims but has not confirmed a compromise, pledging to notify customers if they are affected. 

A spokesperson for Thomson Reuters, whose Legal Tracker subsidiary was also named by Clop, confirmed that a small subset of customers who utilize the company’s Professional Services hosted integration service also used Cleo. 

“We have removed Cleo’s application from our environment. We have been in direct contact with the limited number of affected customers,” the spokesperson told Recorded Future News. 

Thomson Reuters did not say if any Legal Tracker data had been compromised.

The Clop gang — which has conducted global data theft campaigns targeting file sharing tools MOVEit, GoAnywhere and Accellion over the last five years — initially named 66 companies in the fall of 2024 but has slowly been releasing the names of dozens more organizations allegedly impacted by the Cleo breaches throughout 2025.

CybercrimeNewsIndustry
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 

Total
0
Shares
Previous Post

New ‘Rules File Backdoor’ Attack Lets Hackers Inject Malicious Code via AI Code Editors

Next Post

Municipalities in four states are struggling with cyberattacks limiting services

Related Posts

PJobRAT Malware Campaign Targeted Taiwanese Users via Fake Chat Apps

An Android malware family previously observed targeting Indian military personnel has been linked to a new campaign likely aimed at users in Taiwan under the guise of chat apps. "PJobRAT can steal SMS messages, phone contacts, device and app information, documents, and media files from infected Android devices," Sophos security researcher Pankaj Kohli said in a Thursday analysis. PJobRAT, first
Avatar
Read More

Microsoft’s End of Support for Exchange 2016 and 2019: What IT Teams Must Do Now

For decades, Microsoft Exchange has been the backbone of business communications, powering emailing, scheduling and collaboration for organizations worldwide. Whether deployed on-premises or in hybrid environments, companies of all sizes rely on Exchange for seamless internal and external communication, often integrating it deeply with their workflows, compliance policies and security frameworks
Avatar
Read More