Branch security failings exposed by fake heists

Researchers have compromised the security of over 1000 US bank branches in a series of physical and virtual heists that involved "stealing" the personal data of bank customers.

IT security outfit TraceSecurity says that between 2003 and 2008 it accessed data by hacking bank networks through the Internet, phishing, pharming and pretext calling.

The firm's researchers also entered branches disguised as fire staff and pest controllers and successfully tricked staff into letting them into areas of the bank containing sensitive data 95% of the time.

Jim Stickley, CTO, TraceSecurity, says: "When in disguise, TraceSecurity engineers were only questioned on a couple of occasions."

Whilst in these restricted areas, TraceSecurity says it was often able to steal backup tapes, loan applications, laptops, mobile phones and PDAs without being detected by bank employees.

The stolen equipment contained confidential information such as social security numbers, account numbers, contact information, mother's maiden names, driver licence numbers and credit card numbers.

"It takes only one branch location for all customers' sensitive data to be at risk, and recent data breaches have shown these losses can amount to billions of dollars - a huge cost for what's usually a small, avoidable error," says Stickley.
