Malware on Laptop Caused Security Breach at PenFed

[security curmudgeon <jericho () attrition org>]

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.depositaccounts.com/blog/2011/01/malware-on-laptop-caused-security-breach-at-penfed.html

[PenFed is short for Pentagon Federal Credit Union  - WK]

By Ken
Bank Deals Guy
DepositAccounts.com
January 11, 2011

PenFed had a laptop infected with malware that permitted unauthorized 
access to a database containing personal data of certain members. The 
security breach appeared to only affect PenFed members with credit cards. 
Fatwallet members with Amex and Visa credit cards reported being issued 
new credit cards with new numbers. Letters to affected members were 
supposedly sent on January 4th.

New Hampshire is one of the states that require financial institutions to 
notify the state attorney general of security breaches that affect any of 
the state's residents.

Here's the PenFed's letter at the New Hampshire state website. It also 
included a template of the letter that was sent to certain members. Here's 
an excerpt of this letter:

[...]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Learn encryption strategies that manage risk and shore up compliance.
Download Article 1 of CREDANT Technologies' The Essentials Series:
Endpoint Data Encryption That Actually Works
http://credant.com/campaigns/realtime2/gap-LP1/