Western Alliance Bank has confirmed a cybersecurity breach that compromised the personal information of approximately 21,899 customers. The breach resulted from a zero-day vulnerability in third-party file transfer software, exploited between October 12 and October 24, 2024. The bank discovered the incident on January 27, 2025, after stolen records were leaked online by hackers.
The compromised data includes highly sensitive information such as names, Social Security numbers, dates of birth, financial account details, driver’s license numbers, tax identification numbers, and passport information. The breach has been linked to the Clop ransomware group, which reportedly targeted vulnerabilities in file-sharing tools provided by Cleo, a third-party vendor used by the bank.
In response, Western Alliance has notified affected customers and is offering one year of free identity protection services through Experian IdentityWorks Credit 3B. The bank also confirmed that the breach did not materially impact its day-to-day operations or financial standing.
This incident underscores the growing risk posed by third-party software vulnerabilities, particularly for financial institutions that rely on external vendors for critical operations. Experts continue to urge firms to implement strong cybersecurity protocols, including continuous vulnerability scanning, real-time monitoring of data access, and rapid patch deployment to protect against zero-day exploits.
The breach also highlights broader concerns around third-party risk management. As digital ecosystems become more complex, organizations must ensure that their vendors maintain robust security standards and that contingency plans are in place to respond quickly to emerging threats.
For financial institutions like Western Alliance Bank, the incident serves as a stark reminder of the evolving threat landscape. Ongoing vigilance, proactive security measures, and transparent communication with customers are critical to maintaining trust and minimizing the impact of future breaches.
