Virtual heists expose gaps in bank security

A data security firm has revealed it breached security at over a thousand US bank branches

BATON ROUGE, LA – Over a thousand US bank branches have had their information security compromised by researchers’ fake thefts of customers’ personal data. Louisiana-based technology security firm TraceSecurity says it broke through security in a variety of real world and virtual ways between 2003 and 2008.

These included hacking bank networks through the web, phishing, pharming and pre-text calling scams, in addition to entering the branch disguised as fire fighters or pest controllers and gaining access to restricted areas containing sensitive data.

The researchers said the physical disguise-based heists alone worked 95% of the time, allowing them to steal back-up tapes, loan applications, laptops, mobile phones and personal digital assistants (PDAs) without detection.

Successfully stolen data included social security numbers, account numbers, contact details, answers to secret questions, driver’s licence numbers and credit card numbers.

Jim Stickley, chief technology officer at TraceSecurity, says: “It takes only one branch location for all customers’ sensitive data to be at risk, and recent data breaches have shown these losses can amount to billions of dollars – a huge cost for what's usually a small, avoidable error.”

Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.

To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe

You are currently unable to copy this content. Please contact info@risk.net to find out more.

Most read articles loading...

You need to sign in to use this feature. If you don’t have a Risk.net account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here