Virtual heists expose gaps in bank security
A data security firm has revealed it breached security at over a thousand US bank branches
BATON ROUGE, LA – Over a thousand US bank branches have had their information security compromised by researchers’ fake thefts of customers’ personal data. Louisiana-based technology security firm TraceSecurity says it broke through security in a variety of real world and virtual ways between 2003 and 2008.
These included hacking bank networks through the web, phishing, pharming and pre-text calling scams, in addition to entering the branch disguised as fire fighters or pest controllers and gaining access to restricted areas containing sensitive data.
The researchers said the physical disguise-based heists alone worked 95% of the time, allowing them to steal back-up tapes, loan applications, laptops, mobile phones and personal digital assistants (PDAs) without detection.
Successfully stolen data included social security numbers, account numbers, contact details, answers to secret questions, driver’s licence numbers and credit card numbers.
Jim Stickley, chief technology officer at TraceSecurity, says: “It takes only one branch location for all customers’ sensitive data to be at risk, and recent data breaches have shown these losses can amount to billions of dollars – a huge cost for what's usually a small, avoidable error.”
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe
You are currently unable to print this content. Please contact info@risk.net to find out more.
You are currently unable to copy this content. Please contact info@risk.net to find out more.
Copyright Infopro Digital Limited. All rights reserved.
As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (point 2.4), printing is limited to a single copy.
If you would like to purchase additional rights please email info@risk.net
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (clause 2.4), an Authorised User may only make one copy of the materials for their own personal use. You must also comply with the restrictions in clause 2.5.
If you would like to purchase additional rights please email info@risk.net
More on Regulation
EU states take the slow road to new cross-border services ban
Late national transposition hampers foreign banks’ decisions on location of affected activities
Don’t mention the rules: the fight against prediction market abuse
For the CFTC to regulate new venues effectively, it must first redefine insider trading
Can the US FRTB revamp make the IMA great again?
Banks are finally presented with a viable internal models framework under Basel III’s market risk rules
UK rethinking tougher capital rules for US bank subsidiaries
US endgame draft would trigger UK Basel III trap floor for foreign banks, but PRA is reviewing
EBA proposes drastic overhaul to supervisory data reporting
Revamp will cut back the number of datapoints and integrate overlapping reports
CFTC wants to regulate prediction markets. Is it up to the task?
Former officials echo state gambling authorities’ concerns over agency’s ability to police betting risks
EBA seeks to allay Simm divergence concerns
EU validator pledges to co-ordinate with global regulators, but retains ability to act alone “if needed”
FRTB models find salvation in US Basel III proposal
Changes to P&L attribution test and NMRFs make IMA viable for US banks, risk managers say
