Hackers pluck 8,300 customer logins from bank server

[security curmudgeon <jericho () attrition org>]

http://www.theregister.co.uk/2010/01/12/bank_server_breached/

Hackers pluck 8,300 customer logins from bank server
New variation on an old theme scheme
By Dan Goodin in San Francisco
Posted in Crime, 12th January 2010 22:29 GMT

Hackers have stolen the login credentials for more than 8,300 customers of 
small New York bank after breaching its security and accessing a server 
that hosted its online banking system.

The intrusion at Suffolk County National Bank happened over a six-day 
period that started on November 18, according to a release (PDF) issued 
Monday. It was discovered on December 24 during an internal security 
review. In all, credentials 8,378 online accounts were pilfered, a number 
that represents less than 10 percent of SCNB's total

"Although the intrusion was limited in duration and scope, SCNB 
immediately isolated and rebuilt the compromised server and took other 
measures to ensure the security of data on the server," the bank, located 
about an hour east of New York City, stated. "To date, SCNB has found no 
evidence of any unauthorized access to online banking accounts, nor 
received any reports of unusual activity or reports of financial loss to 
its customers."

[..]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php