Western Alliance Bank Data Breach Exposes Personal Information of 22,000 Individuals
Western Alliance Bank has begun notifying approximately 22,000 individuals that their personal data was stolen following a security breach involving a third-party secure file transfer software.
The bank reported that in October 2024, cybercriminals exploited an unknown vulnerability in the file transfer tool, allowing them to access a limited portion of Western Alliance’s systems and steal sensitive files.
By January 2025, Western Alliance confirmed that data had been compromised, and by February, the bank determined that stolen information included names, Social Security numbers, dates of birth, driver’s license numbers, passport details, financial account numbers, and tax identification numbers.
To support affected individuals, Western Alliance is providing one year of identity protection services. The bank also informed the Maine Attorney General’s Office that 21,899 individuals were impacted by the breach.
In a filing with the Securities and Exchange Commission (SEC) in February, Western Alliance stated that it became aware of the breach after stolen data was published online by a threat actor. However, the bank assured that the incident would not significantly impact its financial condition or operations.
While the bank did not disclose the name of the exploited application, cybersecurity expert Paul Bischoff from Comparitech revealed that the breach was linked to a Cleo file transfer tool.
In late 2024, the Cl0p extortion group exploited two zero-day vulnerabilities in Cleo’s file transfer products—CVE-2024-50623 and CVE-2024-55956—to steal data from dozens of organizations.
According to Bischoff, the Cl0p group has listed hundreds of breached organizations on its Tor-based leak site, including Western Alliance Bank. He further noted that in 2024, Cl0p claimed nine confirmed ransomware attacks and 74 unconfirmed attacks, with 55 of those linked to the Cleo vulnerability that affected Western Alliance. In 2025, Cl0p claimed responsibility for 332 unconfirmed attacks, most of which also targeted Cleo’s file transfer software.
This incident highlights the growing security risks associated with third-party software vulnerabilities, especially in financial institutions. As cybercriminals continue to exploit weaknesses in widely used tools, organizations must strengthen their cybersecurity measures, regularly update software, and monitor for potential breaches to protect sensitive customer data.
