
The recent data breach at Western Alliance Bank underscores a growing concern in the cybersecurity landscape: the risks posed by third-party software vulnerabilities. This incident not only highlights the technical challenges of securing sensitive data but also serves as a cautionary tale for organizations relying on external vendors for critical operations.

The incident: a timeline of events

In October 2024, attackers exploited a zero-day vulnerability in a third-party secure file transfer software used by Western Alliance Bank. The breach, which occurred between October 12 and October 24, allowed unauthorized actors to exfiltrate sensitive files from the bank’s systems. The vulnerability was disclosed by the vendor on October 27, 2024, but by then, the damage had already been done. The breach came to light only after attackers leaked some of the stolen files online, prompting an internal investigation.

By February 21, 2025, Western Alliance Bank completed its analysis of the compromised data and determined that the breach affected 21,899 customers. The stolen information included highly sensitive personal data such as names, Social Security numbers, dates of birth, financial account details, driver’s license numbers, tax identification numbers, and even passport information in some cases.

The role of Clop ransomware

The breach has been attributed to the Clop ransomware gang, a notorious cybercriminal group known for exploiting zero-day vulnerabilities in enterprise software. Clop added Western Alliance Bank to its leak site in January 2025, alongside other victims targeted through similar tactics. The group leveraged vulnerabilities in Cleo Harmony and related software to deploy malicious backdoors and exfiltrate data. This is not Clop’s first high-profile attack; they have previously exploited flaws in platforms like MOVEit Transfer and Accellion FTA.

Implications for customers and businesses

Western Alliance Bank has assured its customers that there is no evidence of misuse of their personal information so far. However, given the nature of the stolen data, the potential for identity theft and fraud remains high. To mitigate these risks, the bank is offering affected customers one year of free credit monitoring services through Experian IdentityWorks Credit 3B.

This incident also raises questions about organizational preparedness and resilience against third-party risks. Despite having cybersecurity measures in place—guided by frameworks like NIST and COBIT—Western Alliance Bank fell victim to an attack originating from an external vendor’s vulnerability.

Lessons learned: strengthening third-party risk management

  1. Vendor risk assessments: organizations must conduct rigorous security assessments of third-party vendors before integrating their software into critical systems.
  2. Zero-day preparedness: given the increasing frequency of zero-day exploits, businesses should prioritize rapid patch management and adopt advanced threat detection tools.
  3. Data minimization: storing only essential customer data can reduce exposure in case of a breach.
  4. Incident response plans: companies must have robust incident response strategies to quickly identify breaches and mitigate damage.
  5. Customer communication: transparent communication with affected individuals is crucial for maintaining trust and mitigating reputational damage.

The Western Alliance Bank breach serves as a stark reminder that even well-established institutions with robust cybersecurity frameworks are not immune to attacks originating from third-party vulnerabilities. As cyber threats evolve, organizations must adopt a proactive approach to vendor risk management and invest in advanced security measures to safeguard sensitive data. For customers, this incident highlights the importance of vigilance in monitoring personal financial accounts and taking advantage of protective services offered post-breach.
