Wednesday, January 13, 2010

Hacker Cracks Bank Server, Steals Customer Login Credentials

More free credit monitoring for online banking customers!


Hackers have stolen the login credentials (username/passwords) for almost more than 8,500 customers from a small New York bank.  The login details of 8378 Suffolk County National Bank (SCNB) customers have been stolen after a hacker breached its security and accessed a server which contained user log-in details.  Here's the Press Release from the Bank:




PRESS RELEASE



Contact: Douglas Ian Shaw

Corporate Secretary

(631) 727-5667

www.SuffolkBancorp.com

4 West Second Street

Riverhead, NY 11901

(631) 727-5667 (Voice) - (631) 727-3214 (FAX)

e-mail to: invest@suffolkbancorp.com



SUFFOLK BANCORP THWARTS DATA INTRUSION AT BANKING SUBSIDIARY NO FINANCIAL LOSSES TO CUSTOMERS DISCOVERED



Riverhead, New York, January 11, 2010 — Suffolk Bancorp (NASDAQ - SUBK) announced today that on December 24, 2009, its banking subsidiary, the Suffolk County National Bank (“SCNB”) discovered through an internal security review that an unauthorized intruder accessed certain customers’ Log In information via the computer server hosting SCNB’s Online Banking system. Based on SCNB’s investigation, which is ongoing, the unauthorized access occurred during a finite, six-day-period between November 18 and November 23, 2009. 8,378 Online Banking customers were affected, amounting to less than 10 percent of SCNB’s total customers.



Although the intrusion was limited in duration and scope, SCNB immediately isolated and rebuilt the compromised server and took other measures to ensure the security of data on the server. To date, SCNB has found no evidence of any unauthorized access to Online Banking accounts, nor received any reports of unusual activity or reports of financial loss to its customers.





SCNB has taken a number of additional steps to minimize any possible effect of this incident on its customers. It:



• Immediately launched an aggressive investigation of the incident with assistance from outside experts in forensics.

• Notified the consumer reporting agencies (Experian®, Trans Union® and Equifax®) of the incident.

• Notified the Office of the Comptroller of the Currency, its primary regulator; the New York State Consumer Protection Board; the New York State Office of Cyber Security & Critical Infrastructure Coordination; and law enforcement agencies.

• Notified all customers affected via first class mail posted today.

• For affected retail customers, arranged for credit monitoring services for 2 years, at SCNB’s expense.

• For affected business customers, arranged for Positive Pay service from SCNB, or Deluxe Security Checks for one year, at SCNB’s expense.



Further information regarding these services is available on SCNB’s web site, www.SCNB.com. Customers wishing to reassure themselves of their status with regard to this incident can contact the manager of their local branch office. Telephone numbers for each office can be obtained from the web site, or at SCNB’s main number, 1 (631) 208-2200. Investors and shareholders should be advised that a provision of approximately $351,000, net of taxes, or about $0.04 per share, was booked during the fourth quarter of 2009 to account for expenses which may or may not be incurred in responding to this incident. This provision is based on the SCNB’s current assessment of the incident. Additional expenses may be incurred to address additional issues, if any, uncovered in the course of completing the investigation. President and Chief Executive Officer, J. Gordon Huszagh commented, “The security of customers’ information is of utmost importance to SCNB. While we know that our diligence in this regard allowed us to uncover this incident, and to take action rapidly to protect our customers, we also recognize that the provision of financial services over the Internet requires our dedication to continuous monitoring and security.” He continued, “To colleagues and customers alike, we continually emphasize that Good Relationships are Good Business. Good relationships are built on trust, and trust is based on honest communication and on actions taken in good faith. While at this time we know of no misuse of our customers’ data, we have taken all of the actions noted above to minimize any future inconvenience to our customers.”



He concluded, “We understand that this kind of incident is a source of concern: both to our customers, even if their personal information is not misused; and to our shareholders for the expense incurred in response. We have responded to this incident as promptly, diligently and forthrightly as we know how, and will continue to do so until it is fully resolved. We apologize for the concern, and any inconvenience caused by this incident. We thank our customers and shareholders for maintaining their relationship with SCNB and its parent, Suffolk Bancorp.” SCNB previously informed customers that toward the end of this month SCNB will be introducing many improvements to our Online Banking service. This project has been underway for some time, and among the enhancements are additional security features. Suffolk Bancorp is a one-bank holding company engaged in the commercial banking business through the Suffolk County National Bank, a full service commercial bank headquartered in Riverhead, New York. “SCNB” is Suffolk Bancorp’s wholly owned subsidiary. Organized in 1890, the Suffolk County National Bank has 29 offices in Suffolk County, New York. Safe Harbor Statement Pursuant to the Private Securities Litigation Reform Act of 1995 This press release includes statements which look to the future. These include statements about the expected outcome of Suffolk Bancorp’s ongoing investigation of the data intrusion, expenses that may be incurred in connection with the data intrusion, and pending improvements in SCNB’s Online Banking services. These remarks are based on management’s current plans and expectations. They are subject, however, to a variety of uncertainties that could cause future results to vary materially from Suffolk’s current expectations, including, without limitation, additional results of the ongoing forensic investigations.



# # # # #













Disqus for ePayment News