CUInfoSecurity.com - Information Security News, Regulations, & Education

Credit Union Information Security Articles

22 Banking Breaches So Far in 2010

Credit
Eligible
As a CUInfoSecurity.com annual member, this content can be used toward your membership credits and transcript tracking. Click For More Info
Report: Hacking, Insider Theft Continue to be Top Trends
March 23, 2010 - Linda McGlasson, Managing Editor
Share

Comment on this article

UPDATED: There have been 173 reported data breaches so far in 2010, and 34 of these involve financial services companies.

This means that in less than one quarter of the year, we already have seen more than one-third of the 62 banking-related breaches reported in all of 2009.

The numbers are slightly skewed, says Linda Foley of the Identity Theft Resource Center (ITRC), the organization that tracks data breaches, because some of the 22 incidents actually occurred in 2009 but are just now being brought to light - particularly in Maryland, where the state's attorney general's office reported a slew of 2009 incidents on March 1 of this year. "I suspect there will be more [reports] coming," Foley says, "so the trend thus far is we're finally finding out about breaches that are just coming out."

Click to Get Updates on the Latest Information Security News

But the new year's breaches are enough to convince observers that last year's trends are continuing. "2010 could be a tough year for everyone," Foley says.

2010 Trends
If the breach trends do continue as they did in 2009, then financial service companies will continue to experience malicious hacking and insider theft. The challenge for organizations such as the ITRC is that many organizations fail to report their breaches. "The problem is: We're not trying to embarrass a company, but inform everyone of what is happening out there."

Based on what Foley says she's seen so far in 2010, much information has been lost, "so there's a real need for businesses to adopt policies to protect data."

Despite the Federal Trade Commission's work in promoting the ID Theft Red Flags Rule, Foley says many businesses still don't want to comply with the requirements. "If you don't want to protect it, then don't collect the data," she advises these organizations.

For those organizations that do buy into data protection, they must deputize their employees to take the responsibility seriously. "You should be telling your employees why it is important, so they buy into the wanting to actively protect data, and so they don't see it as another chore," Foley says.

Of the breaches reported thus far in 2010, financial services breaches add up to 11.7 percent of the 173 incidents -- the second lowest percentage on the list. The remaining incidents break down as:

Business/Retail - 44%
Medical/healthcare -- 23%;
Government/military --15 %;
Education - 7%

List of Reported Breaches
Editor's Note: The following is a list of data breaches that have affected U.S. financial institutions in 2010. The information was compiled from the 2010 Data Breach Report by the Identity Theft Resource Center (ITRC), based in San Diego, CA.

ESB Financial, Emporia State Bank
Emporia, KS
Records Taken: 3,097
Type of Breach: Exposure of data on Web
Date: April 23

Emporia State Bank officials announced that 7 years ago a data backup was sent to an unauthorized storage source. A total of 3,097 customers’ personal data could have been exposed by the backup. An outside computer specialist did not realize what had happened, and knowledge of the problem did not surface for seven years, when someone stumbled onto information and numbers during an Internet search. Bank officials say that names, addresses, account numbers and, in some cases, Social Security numbers, would have been available to someone who found them on the Internet.

PNC Bank
Pittsburgh, PA
Records Taken: Unknown
Type of Breach: Skimming
Date: April 15


1 | 2 | 3 | 4 ...

Next Related Article:


Question
Question
?What breach trends are you seeing so far in 2010?
Here's your chance to be a part of the dialogue and engage with your peers! Just enter your comment to the right, click submit to send it to our Editor. All entries are posted anonymously.
Please login if you would like to post a comment on this question.

"What breach at Fifth Third? I think you need a lesson in the card processing life-cycle. The issuing bank is responsible for reissuing their cards that are breached at any other merchant or processor. So the breach happens at ABC merchant or XYZ processor (i.e. the largest breach the industry has seen has been at once of these processors) and Fifth Third, PNC, US Bank, etc are all responsible for reissuing cards to their customers. It doesn't mean that the breach happened at these banks.
"This list doesn't even include the PNC/National City and Fifth Third breaches which occured recently in Cincinnati, OH. Running out of safe places to bank.

Topics of Interest

Federal Reserve Board

Fraud

Vendor Management

ITGI

ID Access & Management

Compliance

Latest Tweets & Mentions

CUInfoSecurity.com Research

Recent Blog Entries

More Blogs Posts

Vendor Solutions

  • Qualys, Inc. Qualys, Inc.

    Solutions For:

    Compliance, Penetration Testing, Security Appliance

  • Symantec Corporation Symantec Corporation

    Solutions For:

    Business Continuity/ Disaster Recovery, Email Security, Enterprise Security Management

More Vendor Solutions

Marketplace

Advanced Search
Browse Topics
close

Agencies

Anti-Money Laundering


Banking Today

Business Continuity & Disaster Recovery

Compliance

Emerging Technology

Fraud

Governance & Standards

Identity Theft

Leadership & Management


Physical Security

Risk Management

Training & Education