A consumer advocate group is calling out banking company Fifth Third for not properly disclosing details about the cyberattack it suffered to its customers.
Earlier this week, Fifth Third sent a letter to an undisclosed number of customers whose personal information may have been exposed by a data breach. The breach was caused by bank employees, who have since been fired.
The bank’s letter did not get into any specifics regarding the cyberattack, maintaining that it could not discuss the matter extensively due to an ongoing investigation by unnamed “authorities” and “law enforcement.” Fifth Third also claimed that it had “not detected any fraudulent activity on [customers] accounts.”
While scant in details, the letter did reveal that customers’ compromised information may include their names, Social Security numbers, drivers’ license information, mothers’ maiden names, address, phone numbers, dates of birth, and account numbers.
The ambiguity of the letter and its lack of details regarding the data breach have drawn the attention and criticism of the Consumer Federation of America.
“Fifth Third is only telling half the story – it’s vague and deceptive to customers because it’s not just their Fifth Third accounts that will be impacted,” said Consumer Federation of America executive director Jack Gillis.
Gillis also told Cincinnati Enquirer that the letter’s limited commentary suggests that consumer information was sold to fraudsters on the dark web. The executive director warned that the information stolen from the bank could be used to create credit accounts outside of Fifth Third’s jurisdictions, and fraudulent charges made with the fabricated accounts will not be caught until they are reported by victims to credit reporting agencies.
When asked for a statement, Fifth Third would not say how they discovered the breach in the first place, or what the investigators were assessing. The bank also could not provide an update on the investigation procedure.
Fifth Third has almost 1,150 branches across 10 states.