Hackers Steal OmniAmerican Account Data
By BARRY SHLACHTER
Star-Telegram
An international gang of cyber criminals hacked into OmniAmerican Bank's records, the bank's president disclosed Wednesday.
They stole scores of account numbers, created new PINs, fabricated debit cards, then withdrew cash from ATMs in Eastern Europe, including Russia and Ukraine, as well as in Britain, Canada and New York.
"It was a pretty sophisticated scheme," said Tim Carter, president of the Fort Worth-based bank.
The amount stolen is not yet known, he said, describing it only as "minimal." No depositors will lose money, he said.
Fewer than 100 accounts, some of them dormant, were compromised, all with a daily withdrawal limit of less than $1,000, he said.
After discovering the fraudulent activity Friday afternoon, OmniAmerican placed temporary limits on some ATM and debit-card transactions and suspended some electronic banking services, which were restored Sunday, Carter said. At no time were customer deposits at risk, he stressed. "We reduced by half the dollar amount that could be withdrawn and limited [access] to Texas. We cut out anything outside Texas," Carter said.
The unauthorized withdrawals were stopped Friday, and bank employees worked over the weekend to deal with the damage, he said.
The bank learned of the breach from customers inquiring about unusual activity in their accounts, from internal monitoring and from a law-enforcement agency, which Carter declined to name.
Letters alerting check-card holders of the fraudulent activity were mailed Wednesday, the bank said.
OmniAmerican is also issuing approximately 40,000 new debit cards as a safeguard against future fraudulent activity, Carter said. Each needs a revised personal identification number.
Martin Carmichael, the Plano-based chief security officer at McAfee, a computer-security firm, said this type of cyber-attack has become "a commonplace occurrence," although some banks are reluctant to admit that their security has been breached.
Carmichael said OmniAmerican apparently fell victim to one of the more skilled gangs of criminal hackers.
"If you look at the sophistication of it -- going in, modifying PINs, issuing cards -- this is not a kid out there," he said. "This appears to be something set up. Time was involved in executing it."
Carmichael said the group could have originated in Russia, although similar skilled hackers are now being found in Asia, particularly China.
Whoever they are, he said, "they're elite, more elegant, and it's difficult for banks and many enterprises to keep pace with their activities.
"Banks are under a great amount of pressure to balance risk and shareholder value," said Carmichael, speaking from Las Vegas, where he is attending a conference. "They could do more, [but they] have a hard time justifying the cost until an incident occurs."
View the full story here
Star-Telegram
An international gang of cyber criminals hacked into OmniAmerican Bank's records, the bank's president disclosed Wednesday.
They stole scores of account numbers, created new PINs, fabricated debit cards, then withdrew cash from ATMs in Eastern Europe, including Russia and Ukraine, as well as in Britain, Canada and New York.
"It was a pretty sophisticated scheme," said Tim Carter, president of the Fort Worth-based bank.
The amount stolen is not yet known, he said, describing it only as "minimal." No depositors will lose money, he said.
Fewer than 100 accounts, some of them dormant, were compromised, all with a daily withdrawal limit of less than $1,000, he said.
After discovering the fraudulent activity Friday afternoon, OmniAmerican placed temporary limits on some ATM and debit-card transactions and suspended some electronic banking services, which were restored Sunday, Carter said. At no time were customer deposits at risk, he stressed. "We reduced by half the dollar amount that could be withdrawn and limited [access] to Texas. We cut out anything outside Texas," Carter said.
The unauthorized withdrawals were stopped Friday, and bank employees worked over the weekend to deal with the damage, he said.
The bank learned of the breach from customers inquiring about unusual activity in their accounts, from internal monitoring and from a law-enforcement agency, which Carter declined to name.
Letters alerting check-card holders of the fraudulent activity were mailed Wednesday, the bank said.
OmniAmerican is also issuing approximately 40,000 new debit cards as a safeguard against future fraudulent activity, Carter said. Each needs a revised personal identification number.
Martin Carmichael, the Plano-based chief security officer at McAfee, a computer-security firm, said this type of cyber-attack has become "a commonplace occurrence," although some banks are reluctant to admit that their security has been breached.
Carmichael said OmniAmerican apparently fell victim to one of the more skilled gangs of criminal hackers.
"If you look at the sophistication of it -- going in, modifying PINs, issuing cards -- this is not a kid out there," he said. "This appears to be something set up. Time was involved in executing it."
Carmichael said the group could have originated in Russia, although similar skilled hackers are now being found in Asia, particularly China.
Whoever they are, he said, "they're elite, more elegant, and it's difficult for banks and many enterprises to keep pace with their activities.
"Banks are under a great amount of pressure to balance risk and shareholder value," said Carmichael, speaking from Las Vegas, where he is attending a conference. "They could do more, [but they] have a hard time justifying the cost until an incident occurs."
View the full story here
Labels: credit card fraud, debit card fraud, omniamerican bank, stolen pin
posted by Aubrey Jones @ Thursday, January 31, 2008
0 Comments:
Post a Comment
Links to this post:
Create a Link
<< Home