
Western Alliance Bank has announced a massive data breach affecting 21,899 customers. Attackers affiliated with the Clop group exploited a vulnerability in a third-party file transfer software to gain access to sensitive information, including social security numbers, bank account details and passport details.
The bank has officially reported the breach to regulators in Maine and California, confirming that it was the victim of an attack due to a flaw in its secure file sharing software. The name of the software is not disclosed, but the Clop hackers have previously reported using Cleo, which is used by many organizations.
According to Western Alliance, the unauthorized access occurred from October 12 to 24, 2024, and the bank only learned about it on January 27, 2025. In response, the victims were offered a one-year subscription to protect their personal data.
Clop is one of the most active cybercrime groups, specializing in data theft through vulnerabilities in file-sharing services. They have already carried out attacks on MOVEit, GoAnywhere and Accellion, stealing information from thousands of companies. Clop attacks have previously affected Hewlett Packard Enterprise and Thomson Reuters, which are currently investigating possible compromise of their systems by Cleo.
Western Alliance Bank data leak demonstrates the vulnerability of financial institutions to cybercrime. The bank assures that it is strengthening security measures, but hacker attacks on the financial sector continue, highlighting the need for stricter cyber-defense protocols.