Virtual heists expose gaps in bank security
Daily news headlines
BATON ROUGE, LA – Over a thousand US bank branches have had their information security compromised by researchers’ fake thefts of customers’ personal data. Louisiana-based technology security firm TraceSecurity says it broke through security in a variety of real world and virtual ways between 2003 and 2008.
These included hacking bank networks through the web, phishing, pharming and pre-text calling scams, in addition to entering the branch disguised as fire fighters or pest controllers and gaining access to restricted areas containing sensitive data.
The researchers said the physical disguise-based heists alone worked 95% of the time, allowing them to steal back-up tapes, loan applications, laptops, mobile phones and personal digital assistants (PDAs) without detection.
Successfully stolen data included social security numbers, account numbers, contact details, answers to secret questions, driver’s licence numbers and credit card numbers.
Jim Stickley, chief technology officer at TraceSecurity, says: “It takes only one branch location for all customers’ sensitive data to be at risk, and recent data breaches have shown these losses can amount to billions of dollars – a huge cost for what's usually a small, avoidable error.”
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe
You are currently unable to print this content. Please contact info@risk.net to find out more.
You are currently unable to copy this content. Please contact info@risk.net to find out more.
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Printing this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@risk.net
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Copying this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@risk.net
More on Regulation
SVB opens floodgates on liquidity buffers debate
European regulator says HQLAs should be booked at fair value, but not everyone agrees
SEC cyber rules risk creating web of confusion and costs
Proposals would require breach notifications, public disclosures and annual cyber assessments
Indonesia readies close-out netting after passing P2SK Law
Bankruptcy law changes remove close-out netting obstacles
Top 10 operational risks: The umpire strikes back
Tougher regulatory enforcement, new consumer rules and rise of ESG are ringing alarm bells
Behnam comments fan JSCC hopes for US client clearing
Japan clearing exec welcomes CFTC chair’s pledge to keep discussing OTC clearing status for non-US houses
SVB wouldn’t happen in Europe, says Deutsche CIB head
Campelli also thinks Credit Suisse’s bailed-in AT1 bonds acted as originally intended
How Finma milked Credit Suisse’s CoCos to close UBS deal
An unusual clause in Swiss AT1 bonds allowed them to be written off, but could others follow suit?
