It seems like we're hearing about new data breaches on a regular basis, and SunTrust's (STI +0.00%) recent one affecting 1.5 million customers could seem alarming. Here's what investors -- and consumers -- need to know about it and how this one is different from some of the other high-profile data breaches we've heard about.
A full transcript follows the video.
This video was recorded on April 23, 2018.
Michael Douglass: Let's turn to our third bit of news, which was a data breach at SunTrust. Which, OK, another data breach. [laughs] It seems like there's a new one announced every other day.
Matt Frankel: Right. This one is kind of a different story, though.
Douglass: Yes.
Frankel: The significance is just that you keep hearing the phrase "data breach," and it reinforces the need to protect your information and be careful.
Douglass: Right.
Frankel: This one, just to give you some background if you haven't read it yet, one SunTrust employee stole client contact lists. Which, I say "a list," this was 1.5 million people, so that's a pretty big list. [laughs]
Douglass: Right. [laughs]
Frankel: But, they only stole names, addresses and account balances. They did not get things like Social Security numbers, account numbers. So, this isn't like a Target data breach, where they took credit card numbers and things like that. The most sensitive information did not get compromised. There's really not that much an identity thief can do with just names, addresses and account balances. It's definitely a piece of the puzzle, and information you don't want random thieves to have. [laughs] But, it's kind of a different animal than what we were talking about with the Target data breach, the Equifax data breach, where they pretty much took information on every account that you own. So, it's a different story.
Douglass: And the other piece here is that this was an inside job. At least, as far as we know, this wasn't a hack, this wasn't some sort of outside thing where they breached the firewalls and got into a bunch of stuff. This was one person misusing data. And I have to say, perhaps unsurprisingly, SunTrust has basically done all the right things here, which is, they reported it, quickly -- that's important -- they proactively offered consumer protections, and also not surprisingly, they terminated the employee. So, hopefully this one is really is just an isolated incident for the bank.
Frankel: Yeah. I think banks -- I don't know if this is the case for SunTrust, if they would have done the same things anyways -- but I think banks are really starting to learn what to do and what not to do in the event of a data breach. Equifax is a good example of what not to do. They waited, what was it, three months after they knew about the breach to tell anybody, after some of their executives had sold some stock. There's a current inside trading suit going on right now.
Douglass: [laughs] Yeah, a lot of not great stuff there.
Frankel: So, that's definitely something you don't want to do. [laughs] And SunTrust is doing a really good job of keeping people informed. They went ahead and told everybody before anything leaked out. They did a good job. I applaud them, especially since, like I said, this was not a large-scale Social Security number and credit card number breach.
Douglass: Right. Have to throw out there as well, this is a really important piece of the puzzle for banks, handling this kind of thing correctly. The fact is, no security is perfect. That is, unfortunately, the way things are. So, there are going to be things that happen, and I think that's pretty much unavoidable. I mean, I was involved in the OPM breach with the federal government. It's just not possible to get things perfect. But, banks rely so much on trust, particularly trust with money. That's what's the wealth management stuff is all about. That's why people accept those low yields on their savings accounts and things like that, because they can trust the money will be there. So, for banks, it's critical that they maintain customer trust. And handling tough situations the right way is really the best way to preserve that trust, because you can burn up a lot of good will very quickly.
Frankel: Yeah, definitely. It's important for people to remember also that fields like cybersecurity are still in the pretty early stages. So, as this evolves and thieves are getting more and more sophisticated every day, there are going to be breaches. It's important to take a step back, figure out exactly what happened, and most importantly, take steps to protect yourself. We've written extensively about credit freezes, putting a fraud alert on your credit. I have a fraud alert on my own credit report, just to prevent something like this from becoming an issue. So, it's really important to be proactive and protect yourself from these kinds of breaches. The news like the SunTrust breach just serves as a good reminder of that.
