Wells Fargo data breach: what happened and how to protect yourself

In 2024, Wells Fargo sent letters out to its customers about a security breach involving an insider threat and their personal information. The event triggered a chain reaction of customer outrage, publicized the long-standing problem with data security in finance, and led to several class action lawsuits. The Wells Fargo data breach compromised customer bank account details, driver’s licenses, and other high-risk information.

Our article will discuss what happened during the breach and what you can do to protect yourself moving forward.  

What we know about the Wells Fargo data breach

Many bank users assume they are safe from security breaches, but the data tells a different version of the story. It’s easy to see that the impact of a data breach is personal: a recent J.D. Power survey revealed that 29% of bank users experienced a fraudulent transaction last year. In this industry, threat actors will target any company.

The Wells Fargo data breach wasn’t a typical cyber attack, but an insider threat. A Wells Fargo employee accessed customer records without permission from May 2022 through March 2023 while using their information to commit fraud. Wells Fargo didn’t discover what the employee had done until over a year later, before disclosing it in September 2024. 

What information was compromised?

In the notice, the company revealed that an employee accessed customer data and transferred the private information of two people to their personal account. The Wells Fargo data leak revealed protected information, including: 

• Credit and debit card information
• Banking accounts and mortgage information
• The full names of Wells Fargo customers and their mailing addresses
• Social Security information
• Birthdates
• Loan account information

Company response to the Wells Fargo breach

A spokesperson from Wells Fargo clarified what happened in July 2024 and what they were doing to address the clear violation of customer security. When speaking with The Cyber Express, they said, “Wells Fargo was not subjected to a cyber-attack. However, an employee did breach company policy by transferring information to their personal account.” 

The employee was fired, and Wells Fargo began an internal investigation to improve their data-handling policies. In light of this, the banking giant also:

• Reported the employee’s actions to the proper authorities.
• Sent breach notification letters to two impacted bank customers.
• Offered those customers Experian IdentityWorks with internet surveillance.
• Created a Customer Advocacy Support Team that could handle specific problems.

How Wells Fargo customers reacted and the legal fallout

The company’s slow response to the Wells Fargo data leak didn’t satisfy those impacted by it. Customers voiced their frustration after seeing no resolution thanks to the bank’s vague messaging and lack of transparency. Seeing no one on their side, users posted on Reddit, discussing their experiences with suspicious account activity, unexplained account holds, and misinformation. 

Bank users agreed negligence likely played a factor too. It is hard to disagree when the official breach notice was not filed until September 2024. From the customers’ viewpoint, it took Wells Fargo more than a year to act. In response, customers like Cynthia Beets and Tamra Bacon filed class action lawsuits, accusing Wells Fargo of failing to secure customers’ protected information. One of the lawsuits claims that Wells Fargo did nothing for over a year, and didn’t investigate early enough or notify customers until it was too late. The suit further argues that the delay forced millions of customers to deal with long-term personal and financial damage. 

These lawsuits reveal a growing demand for data protections that address these security gaps and for more accountability from industry players. 

Has Wells Fargo been hacked before?

Wells Fargo is no stranger to exposing its customers’ private information. In 2017, during a defamation lawsuit involving an employee, the bank’s legal team accidentally sent a large file containing private customer information to opposing counsel during the discovery process. The disclosure included names, Social Security numbers and detailed information on thousands of high-net-worth individuals. 

The data wasn’t exposed during a cyber attack, but by poor internal controls and a pattern of insider missteps. While careless, it shows a lack of protection and oversight of employees when they handle valuable customer data. When there are repeated incidents, it suggests there are lapses in Wells Fargo’s efforts to control employee access and defend its customers from bad actors.

Are threat actors targeting banks for data breaches?

Insider threats are an underestimated vulnerability in the finance industry, and they have the potential to do great harm. A report from Cybersecurity Insiders found that 74% of financial organizations agree that insider attacks are more frequent than in previous years. 

Beyond Wells Fargo: how widespread are banking breaches?

Security breaches aren’t just a Wells Fargo issue. Banks are a prime target because they handle highly valuable financial data, such as Social Security numbers, credit and debit card details, mortgage loan records, and more. Once this permanent data is exposed, a person’s risk of lifetime fraud greatly increases. 

Banking data breaches aren’t isolated, and the troubling trend includes several recent examples: 

• In 2019, a Capital One data breach occurred when a former software engineer hired by Amazon Web Services breached the server and stole the personal data of over 100 million customers from the U.S. and Canada.
• A Truist data breach in October 2023 resulted from a hacking attack focused on Truist employees and some banking customers. A much larger security breach in 2024 impacted Truist customers when FBCS, a third-party debt collector, experienced a data breach. Comcast customers were also affected.
• Data leaks don’t always happen because of direct cyber attacks. A Chase data breach in August 2021 happened when a software issue allowed unauthorized users to access retirement plan information. The exposure continued for over two years and impacted over 450,000 Chase customers. 

Because financial institutions handle a high volume of personal customer data, cybercriminals use multiple attack vectors to breach security. As our increasing reliance on cloud services and outsourcing broadens the attack surface for cybercriminals, companies need more proactive security measures to handle: 

• Social engineering attacks, in which criminals often impersonate a trusted financial figure to manipulate individuals into giving up their information.  
• Supply chain vulnerabilities that can open a backdoor to customer data through a bank’s business partners. Sometimes, a single weakness, like documents lost by a vendor or a service provider vulnerability, is enough to trigger a data compromise. 
• Credential stuffing, which happens when cyberattackers purchase stolen credentials, often from the dark web, and use them to access your financial accounts. 

The real-world impact of bank data breaches on customers

If your bank is dealing with a data breach, it can have many consequences beyond immediate phishing scams. You may deal with: 

• Continuous identity problems – When someone steals your data, it can circulate on the dark web for years. This means malicious individuals can weaponize the stolen data long after the news fades. 
• Emotional and financial trauma – It’s common for customers to lose access to their online accounts. However, threat actors can also block you from accessing your paycheck. Disruptions like this can hit hard and may take months to find a solution. 
• Loss of trust in banking institutions – Data breaches can also fundamentally change how you work with banks. Often, customers will experience anxiety about their financial situation and abandon the services they consider unsafe. 

What to do if you’re a Wells Fargo customer

If you are ever overwhelmed by a Wells Fargo security breach, remember you are not alone. Take these steps to regain control and protect your personal information. 

Look for a data breach notification

If you received a data breach notification:

The company should have outlined the data exposure in the letter and extended an offer for two years of free identity theft protection through Experian IdentityWorks. Account could be activated within 60 days. 

If you did not receive a notification:

You bank with Wells Fargo, but no letter has come. Even without a notification, you can still act. Online sources like HaveIBeenPwned allow anyone to check if their email address is compromised, and monitor your credit for free at AnnualCreditReport.com. 

Use 2FA and transaction alerts

Account security isn’t just a business’s responsibility. Customers should be proactively improving their account security by using all tools at their disposal. Using 2FA on your Wells Fargo account will provide stronger security and require a second ID verification before allowing access to anything. 

Real-time transaction alerts can be helpful when you need to spot suspicious activity and take immediate action. Here are the steps to activate 2FA:

1. Log in to your Wells Fargo account.
2. Then, select Security & Support.
3. Find and choose Advanced Access and follow the prompts to activate it.

Place a credit freeze or activate fraud alerts

Data exposures can happen, but there are powerful tools at your disposal. You can stay one step ahead of threat actors with:

• Fraud alerts – A free, renewable service that usually lasts a year. An active alert signals creditors to take extra steps to verify your identity. 
• A credit freeze – This free service can offer stronger protection against credit fraud by restricting access to your credit file. It doesn’t affect your credit score and helps prevent new fraudulent activity. 

Check your credit card and bank statements regularly

Protecting your personal and financial reputation means checking your credit card and bank statements monthly. Go line by line and look for unfamiliar charges, fees, or other unauthorized activity. If you find something concerning on your statement, you should:

• Call your bank immediately.
• Request a freeze or close the account.
• Get more information about reimbursement for fraudulent transactions.

Be aware of phishing attempts and scams

Phishing has evolved. Today’s scams are not the obvious emails from fake princes. They can be targeted, sophisticated, and surprisingly convincing. Cybercriminals use real personal information to make their messages seem more legitimate. 

You can find phishing scams in:

• Emails and text messages asking for your login credentials from someone claiming to be a Wells Fargo representative.
• Suspicious links urging you to “secure your account” or “verify your identity.” 
• Calls from imposters trying to convince you they are a bank representative. 

When in doubt, don’t click any links. Go to the Wells Fargo website or call the phone number on your card and speak to customer care. 

Speak to a lawyer

If you believe your data was compromised in the Wells Fargo breach, it’s never too soon to speak with a legal professional. There are several law firms representing clients affected by the Wells Fargo data breach, including:

• Morgan & Morgan
• Kantrowitz, Goldhammer & Graifman P.C.
• Milberg Coleman Bryson Phillips Grossman

A lawyer will: 

• Determine if you’re eligible to join the existing lawsuit. 
• Explain any potential compensation and legal protections relevant to you.
• Help guide you through the next steps.

If you’re unsure about your exposure, a consultation could answer your questions and offer peace of mind. 

Contact Wells Fargo with further questions about the breach

Wells Fargo encourages any affected customers to contact their Customer Advocacy Support Team. You can speak with a representative to get more information about: 

• Whether your data was involved in the breach.
• Asking for more help accessing identity theft protection. 
• Reporting suspicious activity related to your account. 

While breaches inevitably happen, you can still improve your online security. 

How to improve your online security after a data breach

You need to be ready if a future event compromises your life. Here’s what you can do to start tightening your digital defenses moving forward:

• Limit what you share online – Always protect your information and minimize your digital footprint. Avoid listing your birthdate online or checking in on social media. 
• Strong, unique passwords are safer – Use distinct, unique passwords for every online account. Password managers can be helpful when creating complex passwords. 
• Limit app permissions and access – Periodically check the apps you use, especially if they have access to your email or bank account. Only use third-party integrations that you trust.

A Wells Fargo security breach put your information at risk and increased your chances of identity theft. Another major threat is the widespread availability of your data on people-search and data broker websites. Cybercriminals often exploit those to piece together your full digital profile using both details compromised in breaches and the ones exposed on data brokers, like names, addresses, phone numbers, and more. 

Onerep helps minimize this risk by continuously scanning and removing your personal data from over 200 data broker sites. Reducing your digital presence makes it harder for bad actors to impersonate you or commit fraud in your name. 

FAQs about the Wells Fargo data breach

Did Wells Fargo get hacked?

No, the 2024 Wells Fargo data breach was not caused by a cyberattack. An insider threat occurred when an employee improperly accessed sensitive customer data repeatedly. 

What information was leaked in the Wells Fargo data leak?

The data leak revealed customer names, addresses, birthdays, Social Security numbers, bank account numbers, and credit and debit card details. 

Is it safe to bank with Wells Fargo now?

In general, Wells Fargo is a safe financial institution. After recent security breaches, they have terminated any employees involved, investigated the event, and offered identity theft protection to their customers. 

What should I do if I’m worried about my information?

Seeking information is the first and best step moving forward. Check to see if you have received any official notifications of a security breach. Enroll in any identity protection they offer you. Watch your credit and consider using Onerep to reduce your exposure on data broker sites.