Back

usbank.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure impacting U.S. Bank, with a risk score of 100. The primary concern stems from a massive volume of historical data breaches (290,947 events) and active infostealer logs (41,881 events) over the period of July 2025 to June 2026. These events suggest a widespread compromise affecting both employees (121,200) and clients (211,628). The data originates from combolist sources and database dumps, with malware families like Redline, Rhadamanthys, and LummaC2 being prevalent. Given the high risk score and the sheer volume of data breach and infostealer events, this situation requires immediate attention. The focus should be on identifying the root cause of these breaches, assessing the full extent of compromised data, and implementing robust security measures to prevent further exfiltration. Prioritizing remediation efforts on securing client and employee credentials and data is paramount, especially considering the targeting of online banking services.

Total Events

332,828
credential exposure events

Employee Affected Events

121,200
account email domain = usbank.com

Client Affected Events

211,628
service target = usbank.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
80,00053,33326,6670
peak month 69,509
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events41,881
Share13%
Data breaches
Events290,947
Share87%
Infostealer logs (13%)
41,881events
Data breaches (87%)
290,947events

121,200 compromised employee accounts pose an infrastructure risk, while 211,628 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender1,128
Windows Defender McAfee129
Unknown30
Avast Antivirus22
Avast Norton20
Windows Defender McAfee VirusScan19
McAfee18
Webroot SecureAnywhere15
Windows Defender.14

Malware Families Distribution

Distribution of Active Stealer Strains

Redline6,502
Rhadamanthys6,279
LummaC24,765
Acreed3,294
Vidar1,848
X-Files1,338
Millenium490
Blank Grabber362
RisePro286

Top Login URLs

Top exposed services found in the event results

  1. 1https://www.usbank.com/index.html18,306
  2. 2usbank.com/index.html11,795
  3. 3https://onlinebanking.usbank.com11,286
  4. 4onlinebanking.usbank.com10,238
  5. 5usbank.com9,884
  6. 6https://onlinebanking.usbank.com/auth/login/9,496
  7. 7www.usbank.com/index.html7,991
  8. 8https://onlinebanking.usbank.com/Auth/Login7,094
  9. 9https://usbank.com6,184
  10. 10https://www.usbank.com5,449

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events20,790
Netherlands
Events464
Indonesia
Events437
India
Events401
Germany
Events399
Nigeria
Events278
Canada
Events217
Mexico
Events190

Country Breakdown

  1. 1United States20,790
  2. 2Netherlands464
  3. 3Indonesia437
  4. 4India401
  5. 5Germany399
  6. 6Nigeria278
  7. 7Canada217
  8. 8Mexico190

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Microsoft393
Citrix137
Pulse Secure20
Cisco (AnyConnect)17
Git16
FortiNet VPN7
WordPress2

Operating System Distribution

Distribution of compromised endpoint builds

Windows 114,756
Windows 11 24H2 build 26100 (64 Bit)3,924
Windows 10 Home x641,901
Windows 10 Enterprise x641,539
Windows 101,532

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
210,794
Combolist pools
80,153
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.