BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

fringe: Hackers pluck 8, 300 customer logins from bank server

From: security curmudgeon <jericho () attrition org>
Date: Tue, 6 Apr 2010 00:18:17 +0000 (UTC)

[Presumably, if they logged into these accounts, information may have been
  disclosed. - jericho]

http://www.theregister.co.uk/2010/01/12/bank_server_breached/

Hackers pluck 8,300 customer logins from bank server
New variation on an old theme scheme
By Dan Goodin in San Francisco . Get more from this author
Posted in Crime, 12th January 2010 22:29 GMT

Hackers have stolen the login credentials for more than 8,300 customers of 
small New York bank after breaching its security and accessing a server 
that hosted its online banking system.

The intrusion at Suffolk County National Bank happened over a six-day 
period that started on November 18, according to a release (PDF) issued 
Monday. It was discovered on December 24 during an internal security 
review. In all, credentials for 8,378 online accounts were pilfered, a 
number that represents less than 10 percent of SCNB's total customer base.

"Although the intrusion was limited in duration and scope, SCNB 
immediately isolated and rebuilt the compromised server and took other 
measures to ensure the security of data on the server," the bank, located 
about an hour east of New York City, stated. "To date, SCNB has found no 
evidence of any unauthorized access to online banking accounts, nor 
received any reports of unusual activity or reports of financial loss to 
its customers."

The breach represents a variation on more traditional types of attacks on 
online banking. Cyber crooks typically target customers by surreptitiously 
planting malware on their computers that log their user name and password. 
The FBI estimates that online banking losses to small and medium-sized 
businesses alone have reached $100m.

[..]
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php
Previous By Date Next
Previous By Thread Next

Current thread: