BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Pentagon's credit union hacked

From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Thu, 13 Jan 2011 23:58:16 -0500
http://www.msnbc.msn.com/id/41059570/ns/technology_and_science-security/

A security breach at the Pentagon's official credit union has exposed
the personal and financial records of members of the U.S. military and
their families, putting hundreds of thousands of people at risk for
identity theft.

The Pentagon Federal Credit Union’s (PenFed) database, which includes
names, addresses, Social Security numbers and credit card numbers, was
accessed by a malware-infested PC, Paul Roberts of the security firm
Kaspersky Lab reported.

Chartered in 1935, PenFed serves about 100,000 members in the Air
Force, Army, Coast Guard, Department of Homeland Security, Department
of Defense and the Veterans of Foreign Wars. PenFed offers mortgages,
credit cards and loans to its customers, and has $15 billion in
assets.

The full extent of the data breach is not yet known. Roberts reported
that the attack was discovered Dec. 12 and that so far 514 New
Hampshire residents have been affected.
In a letter mailed to customers, PenFed's executive vice president of
operations, Roderick Mitchell, said, "We have no indication that your
information has been misused." No PINs or passwords were accessed in
the breach, Mitchell said.

PenFed reissued all credit and debit cards to members whose account
information may have been obtained illegally.

In an unrelated development, PenFed posted an alert on its website
notifying customers that a man named Dick Bennett has been posing as a
PenFed underwriter, phoning people to tell them their mortgages are
being sold, and then requesting personal information.

Online attacks against credit unions and government employees are
nothing new. A sheriff's office in Colorado was victimized in
December, exposing the names and addresses of confidential drug
informants. Cybersecurity experts believe high-profile data breaches
will continue to occur because the rewards of obtaining sensitive
government data are so high.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Learn encryption strategies that manage risk and shore up compliance.
Download Article 1 of CREDANT Technologies' The Essentials Series:
Endpoint Data Encryption That Actually Works
http://credant.com/campaigns/realtime2/gap-LP1/
Previous By Date Next
Previous By Thread Next

Current thread: