Former employees of Fifth Third Bank in Cincinnati, Ohio, “accessed and misused” customer information as part of a “fraud ring”, according to a statement from the bank.
Fifth Third Bank, the $169 billion banking and financial services group, said it had already launched an investigation into the incident and alerted law enforcement.
It contacted customers earlier this month after becoming aware that “a small number of former employees” in Cincinnati had gained access to customer data and may have shared it outside the company. So far Fifth Third has contacted 100 customers and is continuing its efforts to make all those that may have been affected aware of the leak.
“To be clear, this was not a cybersecurity data breach event, but rather an orchestrated effort by a small group of employees to steal personal information,” the bank said in its statement.
It also moved to reassure customers that anyone who experienced a direct financial loss from the incident would be reimbursed, and affected individuals would be offered free access to its Identity Alert service, which protects against identity theft, for 12 months.
“Our primary concern, as always, is for the protection of our customers’ assets and sensitive information. We are taking immediate steps to strengthen these protective measures,” the bank said.
“During the course of the investigation, we have terminated those employees who were known to be involved in the fraud. Because this is an active investigation, we are limited in the information that we can share.
“We are cooperating fully with authorities in the investigation of this matter and we look forward to seeing justice served.”
Separately, Michigan attorney general Dana Nessel this month issued a warning to the state’s residents to be alert for fraudulent mobile phone texts and calls attempting to obtain customers’ banking information, following an increase in reported scam attempts.
Fraudsters pretending to represent banks send texts to mobile phones asking to confirm fake transactions. When consumers respond, they are called by the fraudster – often using a “spoofed” number to fool victims into thinking the call is legitimate – and probed for security data.
“The bottom line is this: Don’t give a single piece of personal information – your birth date, the last four digits of your Social Security number, your PIN number – to anyone who calls,” Nessel said. “Hang up and call back on a number you know you can verify.”
According to data from the American Bankers Association, fraud attempts affected an estimated $25.1 billion of money held in deposit accounts in 2018. Banks prevented 90% of all fraud attempts but approximately $2.8 billion was still lost, the vast majority of which was linked to debit card and check fraud.