BreachExchange mailing list archives
Pentagon's credit union hacked
From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Thu, 13 Jan 2011 23:58:16 -0500
http://www.msnbc.msn.com/id/41059570/ns/technology_and_science-security/ A security breach at the Pentagon's official credit union has exposed the personal and financial records of members of the U.S. military and their families, putting hundreds of thousands of people at risk for identity theft. The Pentagon Federal Credit Union’s (PenFed) database, which includes names, addresses, Social Security numbers and credit card numbers, was accessed by a malware-infested PC, Paul Roberts of the security firm Kaspersky Lab reported. Chartered in 1935, PenFed serves about 100,000 members in the Air Force, Army, Coast Guard, Department of Homeland Security, Department of Defense and the Veterans of Foreign Wars. PenFed offers mortgages, credit cards and loans to its customers, and has $15 billion in assets. The full extent of the data breach is not yet known. Roberts reported that the attack was discovered Dec. 12 and that so far 514 New Hampshire residents have been affected. In a letter mailed to customers, PenFed's executive vice president of operations, Roderick Mitchell, said, "We have no indication that your information has been misused." No PINs or passwords were accessed in the breach, Mitchell said. PenFed reissued all credit and debit cards to members whose account information may have been obtained illegally. In an unrelated development, PenFed posted an alert on its website notifying customers that a man named Dick Bennett has been posing as a PenFed underwriter, phoning people to tell them their mortgages are being sold, and then requesting personal information. Online attacks against credit unions and government employees are nothing new. A sheriff's office in Colorado was victimized in December, exposing the names and addresses of confidential drug informants. Cybersecurity experts believe high-profile data breaches will continue to occur because the rewards of obtaining sensitive government data are so high. _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Learn encryption strategies that manage risk and shore up compliance. Download Article 1 of CREDANT Technologies' The Essentials Series: Endpoint Data Encryption That Actually Works http://credant.com/campaigns/realtime2/gap-LP1/
Current thread:
- Pentagon's credit union hacked Jake Kouns (Jan 13)