Western Alliance Bank Data Breach Exposes SSN's & Driver's Licenses

On January 27, 2025, Western Alliance Bank ("WAB") discovered a data breach involving unauthorized access to sensitive consumer information. The breach originated from a previously unknown vulnerability in a third-party vendor's secure file transfer software utilized by Western Alliance Bank and many other organizations. This vulnerability was exploited by an unauthorized actor between October 12, 2024, and October 24, 2024, allowing the actor to access a limited portion of Western Alliance Bank's systems and obtain copies of sensitive files.

Western Alliance Bank's internal investigation confirmed that the unauthorized actor acquired files containing personal information of approximately 21,899 individuals in the United States, including items like names, social security numbers, and passport information.

The cybercriminal group known as CL0P claimed responsibility for this ransomware attack. On December 25, 2024, CL0P initially listed an unidentified victim named "weste#####." Subsequently, on January 15, 2025, CL0P publicly revealed the full domain name (westernalliancebank.com) and announced plans to publish the organization's data on January 18, 2025, via the dark web network known as Tor.

Western Alliance Bank reported this incident to law enforcement authorities and notified affected individuals via written notice on March 14, 2025. Additionally, the bank officially disclosed the breach to the California and Massachusetts Attorney Generals' offices on March 14, 2025 and the Maine Attorney General's office on March 17, 2025. Disclosures were also made to the New Hampshire, Washington and Texas Attorney Generals' offices beginning on June 30, 2025.

Western Alliance published a Notice of Data Security incident on its own website on June 30, 2025. The data breach impacted at least 21,899 individuals, including 1,222 in Texas, 539 in Washington, 41 in New Hampshire, 17 in Massachusetts and six in Maine.

Western Alliance Bank's response

Following the discovery of the breach, Western Alliance Bank took immediate steps to mitigate the damage and enhance security measures. The bank reported the incident to law enforcement and initiated a thorough internal investigation to determine the scope and impact of the incident.

To assist affected individuals, Western Alliance Bank is offering a complimentary one-year membership of Experian IdentityWorks Credit 3B. This service provides comprehensive identity protection, including:

• Daily credit monitoring from Experian, Equifax, and TransUnion
• Identity restoration assistance from dedicated specialists
• Up to $1 million in identity theft insurance coverage
• Extended identity restoration support even after membership expiration

Affected consumers are encouraged to enroll in the complimentary Experian IdentityWorks Credit 3B membership by following the instructions provided in the written notice sent by Western Alliance Bank. Consumers can also contact Experian’s customer care team at 877-288-8057 for assistance with enrollment or identity restoration.

Additionally, Western Alliance Bank advises all affected individuals to remain vigilant by regularly reviewing account statements and monitoring credit reports for suspicious activity. Consumers can request free credit reports from AnnualCreditReport.com or place fraud alerts and credit freezes with the three major credit bureaus (Equifax, Experian, and TransUnion).