SunTrust says a former employee may have stolen about 1.5 million customers' data and shared it with a "criminal third party."
Chairman and CEO William Rogers Jr. made the announcement Friday as the regional bank released its quarterly earnings.
Rogers said the former employee tried to print the customer data. The information included names and account balances, but not Social Security numbers, account numbers or passwords.
The bank has not identified "significant fraudulent activity" on the accounts, Rogers said. It notified customers who were affected.
SunTrust became aware of the matter at the end of February and immediately opened an investigation and asked outside experts to help, said spokesperson Sue Mallino.
Last week, SunTrust "learned of the likelihood of printing the information for use outside of SunTrust," she said. The bank did not identify or elaborate on the criminal third party. It is working with law enforcement.
Related: The hacks that left us exposed in 2017
SunTrust announced Friday that it would offer a free identify protection service to all current and new customers to address the "potential data threat and broader risk environment."
SunTrust is working with the credit reporting agency Experian on the program, which includes credit monitoring, annual credit reports and identify theft insurance.
"We apologize to clients who may have been affected by this. We have heightened our monitoring of accounts and increased other security measures," Rogers said in a statement. "Ensuring personal information security is fundamental to our purpose as a company of advancing financial well-being."
SunTrust (STI) is the 12th-largest US commercial bank by assets, according to the Federal Reserve. The bank manages $205 billion in assets and has 1,236 branches.
—CNNMoney's Matt Egan contributed to this story.