South African bank to replace 12m cards after employees stole master key

[InfoSec News <alerts () infosecnews org>]

https://www.zdnet.com/article/south-african-bank-to-replace-12m-cards-after-employees-stole-master-key/

By Catalin Cimpanu
Zero Day
ZDNet.com
June 15, 2020

Postbank, the banking division of South Africa's Post Office, has lost more 
than $3.2 million from fraudulent transactions and will now have to replace 
more than 12 million cards for its customers after employees printed and then 
stole its master key.

The Sunday Times of South Africa, the local news outlet that broke the story, 
said the incident took place in December 2018 when someone printed the bank's 
master key on a piece of paper at its old data center in the city of Pretoria.

The bank suspects that employees are behind the breach, the news publication 
said, citing an internal security audit they obtained from a source in the 
bank.

The master key is a 36-digit code (encryption key) that allows its holder to 
decrypt the bank's operations and even access and modify banking systems. It is 
also used to generate keys for customer cards.

[...]



--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_