First Horizon in Memphis, Tenn., disclosed that a number of online customer bank accounts were targeted by a data security breach.
The $87.5 billion-asset company said in a regulatory filing Wednesday that it first learned of the breach this month.
An unauthorized party obtained login credentials from an unknown source and exploited a vulnerability in third-party security software to gain access to less than 200 accounts, obtaining “less than $1 million” from some of the accounts, the filing said.
First Horizon said it has addressed the software vulnerability, reset the accounts’ passwords and is working with customers to close existing accounts and open new ones. The company said it reimbursed the customers for the stolen funds and notified the appropriate regulators and law enforcement authorities.
First Horizon said that, based on its ongoing assessment of the incident, it does not believe the event will have a material adverse effect on its business or financial results.
