Western Alliance Bank (WAB), a wholly owned subsidiary of the Western Alliance Bancorporation in the US, has issued notifications to 21,899 customers regarding a data breach that resulted in the theft of personal information. The breach, which occurred in October 2024, was due to a compromised third-party vendor’s secure file transfer software used by WAB.
The bank initially disclosed the cyberattack in a February SEC filing. According to the filing, the attackers exploited a zero-day vulnerability that the vendor reported on 27 October 2024. This security flaw allowed unauthorised access to a limited number of the bank’s systems and led to the exfiltration of files.
It was only after the attackers leaked some of the stolen files that Western Alliance became aware of the data exfiltration from its network. The breach occurred between 12 October and 24 October 2024. A subsequent analysis, completed in February 2025, revealed that the stolen files contained sensitive customer data which were provided to the bank including names, Social Security numbers, birth dates, financial account details, driver’s licence numbers, tax identification numbers, and passport information.
Western Alliance has assured customers that there is no evidence suggesting the misuse of their personal information for fraudulent activities. It further claimed that the incident is expected to have no material impact on its business.
“The company will work with clients who may have been impacted and will make appropriate notifications to impacted individuals,” WAB said in the SEC filing. “Although the company continues to investigate and has not determined the full impact of this incident, at this time the incident has not had a material impact on the Company’s business or operations. The Company does not anticipate any material impact on the Company’s financial condition or results of operations.”
A spokesperson for Western Alliance Bank was unavailable when BleepingComputer reached out for an immediate comment on the breach.
Clop ransomware group claimed responsibility
In January, the Clop ransomware group had taken responsibility for the breach by listing Western Alliance Bank on its leak site as one of the 58 companies whose data they compromised.
The group is known for exploiting a pre-auth zero-day vulnerability in Cleo LexiCom, VLTransfer, and Harmony software.
The software was patched in October 2024 following the vendor’s alert to customers to upgrade their software immediately. Cleo, whose software is used by over 4,000 organisations globally, reported a second zero-day vulnerability in December, which was also targeted by the Clop threat actors.
Read more: Clop gang threatens 66 companies after exploiting Cleo software vulnerability
