SunTrust Says Data on 1.5 Million Customers May Have Been Stolen

(Bloomberg) -- SunTrust Banks Inc., Georgia’s largest lender, said it’s investigating a former employee that might have stolen personal data on 1.5 million customers.

Information such as names, addresses, phone numbers and account balances might have been exposed, the Atlanta-based lender said Friday in a statement. The company, which will notify customers, also said it’s working with outside experts and coordinating with law enforcement. It said on a conference call that the employee may have tried to share the data with “a criminal third party.”

“We apologize to clients who may have been affected by this,” Bill Rogers, SunTrust’s chief executive officer, said in the statement. “While we have not identified significant fraudulent activity, we will reinforce our promise to clients that they will not be held responsible for any loss on their accounts as a result.”

The company will offer free identity-protection services through Experian Plc for all current and new customers “on an ongoing basis,” according to the statement. The theft didn’t include social security numbers or user IDs and passwords, according to SunTrust, which didn’t identify the employee.

The bank also said first-quarter profit was $612 million, or $1.29 a share. That topped the $1.11 average of 19 analyst estimates for adjusted earnings compiled by Bloomberg. The company set aside $28 million to cover souring loans in the quarter, less than the $105 million analysts were expecting.

SunTrust rose 0.6 percent to $67.43 at 9:54 a.m. in New York. The stock climbed 3.8 percent this year through Thursday, outpacing the 0.4 percent advance of the KBW Bank Index.

Monitoring Costs

The company can absorb the costs associated with identity monitoring into its “normal course of business,” Rogers said during the call.

He said the company’s investigation started six to eight weeks ago, when it discovered the former employee attempted to download client information. Late last week, SunTrust discovered that the information might have been exposed externally, and that’s when it decided to disclose the incident to clients, Rogers said.

©2018 Bloomberg L.P.