In an SEC filing on Wednesday, First Horizon Bank of Tennessee revealed that login credentials were used by “an unauthorized party,” exploiting third-party security software to remove millions from approximately 200 accounts. Excerpt:
In mid-April, First Horizon Corporation (the “Company”) became aware of a data security incident affecting a limited number of customer accounts. Based on its ongoing investigation, the Company determined that an unauthorized party had obtained login credentials from an unknown source and attempted access to customer accounts. Using the credentials and exploiting a vulnerability in third-party security software, the unauthorized party gained unauthorized access to under 200 online customer bank accounts, had access to personal information in those accounts, and fraudulently obtained an aggregate of less than $1 million from some of those accounts.