(Reuters) - SunTrust Banks Inc STI.N said on Friday it discovered that a former employee may have attempted to download some information on nearly 1.5 million clients and share it with a criminal third-party.
The company said it believes the information included names and account balances, but not personally identifiable information, such as social security numbers, account numbers, pins, user IDs, passwords or driver’s license numbers.
The Atlanta, Georgia-based regional bank’s shares fell 0.5 percent to $66.69.
Chief Executive Officer William Rogers brought the incident to light on a post-earnings call with analysts on Friday. He said the attempt to download client information was made six to eight weeks ago.
“We began our own internal investigation and through that process, approximately 6 to 8 weeks ago, we discovered that the former employee attempted to download client information,” Rogers said.
No significant fraudulent activity has been identified, Rogers said.
A SunTrust spokeswoman, Sue Mallino, refused to disclose the location of the branch where the employee attempted to steal data. She also declined to disclose the identity of the criminal third-party and said the matter was under investigation.
SunTrust also said that as of last week, it believed the stolen information had not left the bank.
Rogers said this was not a data breach, adding the employee was not authorized to get that level of information, and that the company was reviewing its systems and capabilities.
In a press release shortly after the call, the bank said it was proactively notifying the 1.5 million affected clients that certain information, such as address, phone number and certain account balances may have been exposed, and said it is working with outside experts and coordinating with law enforcement on the matter.
“While management appears to be proactively addressing the data issue, we expect a degree of uncertainty to persist as the duration, breadth, and financial impact of any related investigations (both internal and external) are not yet known,” Evercore analysts wrote in a client note.
The incident will not result in any material impact to earnings, the bank said.
SunTrust said it will offer identity protection services to all of its clients free of charge, not just those potentially impacted.
SunTrust reported a 36 percent rise in quarterly profit helped by a rise in net interest income and lower expenses.
Reporting By Aparajita Saxena and Parikshit Mishra in Bengaluru; Editing by Bernard Orr and Saumyadeb Chakrabarty