Hackers exploit zero-day flaw in Western Alliance Bank data breach

March 19, 2025

The Western Alliance Bank data breach has impacted 21,899 customers, exposing sensitive personal data after attackers exploited a zero-day flaw in a third-party vendor’s secure file transfer software. The Arizona-based bank, a subsidiary of Western Alliance Bancorporation, confirmed that hackers accessed its systems between 12 and 24 October 2024, with the vendor publicly disclosing the flaw on 27 October.

Western Alliance first revealed the incident in a February filing with the US Securities and Exchange Commission (SEC), stating that attackers had compromised a limited number of its systems and stolen files stored on affected devices.

The breach was only discovered after cybercriminals leaked stolen data, prompting an internal investigation. On 21 February 2025, the bank concluded its analysis and confirmed that personal information had been accessed. The exposed data includes customer names, Social Security numbers, dates of birth, financial account details, driver’s licence numbers, tax identification numbers, and passport information if provided to the bank.

 


Despite the severity of the Western Alliance Bank data breach, the bank has stated that it has no evidence of the stolen information being misused for fraud or identity theft. However, as a precaution, affected customers are being offered one year of free membership to Experian IdentityWorks Credit 3B, a credit monitoring and identity protection service.

The attack has been linked to the Clop ransomware gang, which listed Western Alliance among 58 companies it targeted in January. Clop has been behind a series of cyberattacks exploiting vulnerabilities in Cleo LexiCom, VLTrader, and Harmony software. The group took advantage of a pre-authentication zero-day vulnerability tracked as CVE-2024-50623, which was patched in October. Another zero-day vulnerability, CVE-2024-55956, was addressed in December after Clop used it to deploy a Java-based backdoor called “Malichus.” This backdoor allowed the hackers to steal data, execute commands, and gain further access to victim networks.

While the full scale of the attack is still under investigation, Cleo claims its software is used by more than 4,000 organisations worldwide. The Clop group has previously carried out large-scale data theft campaigns, exploiting flaws in MOVEit Transfer, GoAnywhere MFT, and Accellion FTA.

The Western Alliance Bank data breach highlights the ongoing risks posed by software vulnerabilities and the increasing sophistication of cybercriminal groups targeting financial institutions. Affected customers must stay alert and use the provided credit monitoring service.
