2021-04-28 FIRST HORIZON CORP Cybersecurity Incident

Page last updated on April 11, 2024

FIRST HORIZON CORP initially disclosed a cybersecurity incident in an SEC 8-K filing on 2021-04-28 09:25:14 EDT.

Incident Details

Material: Unknown
Is Breach: Unknown
Records Compromised: Unknown
Data Types Impacted: No Data Types Tracked (yet)

Compromised Date:
Detected Date:
Disclosure Date: 2021-04-28
Contained Date:
Recovered Date:

Attack Goal: Unknown

Costs: No Costs Tracked (yet)

Filings

8-K filed on 2021-04-28

FIRST HORIZON CORP filed an 8-K at 2021-04-28 09:25:14 EDT
Accession Number: 0000930413-21-000908

Item 8.01 Other Events.

In mid-April, First Horizon Corporation (the “Company”) became aware of a data security incident affecting a limited number of customer accounts. Based on its ongoing investigation, the Company determined that an unauthorized party had obtained login credentials from an unknown source and attempted access to customer accounts. Using the credentials and exploiting a vulnerability in third-party security software, the unauthorized party gained unauthorized access to under 200 on-line customer bank accounts, had access to personal information in those accounts, and fraudulently obtained an aggregate of less than $1 million from some of those accounts. The Company has remediated the software vulnerability, reset the passwords for the identified accounts, is working with the affected customers to close existing accounts and open new ones, has reimbursed the customers for the stolen funds, and has notified the appropriate regulators and enforcement authorities. Based on its ongoing assessment of the incident to date, the Company does not believe that this event will have a material adverse effect on its business, results of operations or financial condition.

Company Information