A former employee may have attempted to download information on nearly 1.5 million clients and share it with a criminal third-party SunTrust Banks said Friday. According to SunTrust, it became aware of the potential theft by a former employee of information from some of its contact lists.

Although the investigation is ongoing, SunTrust said it is proactively notifying approximately 1.5 million clients that certain information, such as name, address, phone number and certain account balances may have been exposed.

The contact lists did not include personally identifying information, such as social security number, account number, PIN, User ID, password, or driver’s license information, the company stated. SunTrust said it is also working with outside experts and coordinating with law enforcement.

“Ensuring personal information security is fundamental to our purpose as a company of advancing financial well-being,” said Bill Rogers, SunTrust chairman and CEO. “We apologize to clients who may have been affected by this. We have heightened our monitoring of accounts and increased other security measures. While we have not identified significant fraudulent activity, we will reinforce our promise to clients that they will not be held responsible for any loss on their accounts as a result.”

The company is now offering Identity Protection for all current and new consumer clients at no cost on an ongoing basis. Experian IDnotify will be provided to those who sign up for the service.