[ISN] Florida Bank Suffers Online Security Breach

From: InfoSec News (isnat_private)
Date: Fri Apr 19 2002 - 01:54:09 PDT

  • Next message: InfoSec News: "Re: [ISN] Security, Disaster Recovery Issues After Sept. 11"

    By Brian McWilliams, Newsbytes
    18 Apr 2002, 10:04 AM CST
    A large commercial bank in Florida said Wednesday that "an Internet
    hacker" penetrated the security of its systems earlier this month and
    made off with a file containing 3,600 online-banking customer names
    and addresses.
    Officials of Republic Bank said the attacker managed to get past the
    bank's security firewalls but did not access account balances or
    transactions of its online banking customers.
    According to Internet records, the server hosting Republic's online
    bank, located at http://secure.republic.openbank.com , is operated by
    Atlanta-based S1 Corp. [NASDAQ:SONE], a leading provider of electronic
    finance services to banks, credit unions, insurance providers and
    investment firms.
    Chris Rogers, a spokesperson for S1, said the technology firm's
    systems and applications were not involved in the security incident at
    "Nothing came in through us. This had nothing to do with S1," said
    Republic Bank's main Web site at http://www.republicbankfl.com is
    running Microsoft's Internet Information Server (IIS) version 4.0 and
    is hosted by Advances.com of Ft. Lauderdale.
    A spokesperson for Republic said the bank learned of the security
    breach after the attacker contacted the bank two weeks ago. Republic
    withheld notifying customers about the incident until Wednesday at the
    request of the FBI, the representative said.
    Republic spokesperson Harry Costello said he had no information about
    why the attacker contacted the bank about the breach, or whether the
    individual was cooperating with Republic.
    Republic's customers who do not use online banking were unaffected by
    the security breach, according to the company.
    The bank has hired an independent team of security consultants to
    review its security, according to a press release.
    According to Costello, Republic has begun contacting affected
    customers and will give them the option of changing their passwords
    and other sign-on information.
    Republic Bank originally partnered with S1 in 1996 to become the first
    Florida-based bank to offer Internet banking to its customers,
    according to a March press release.
    Republic Bank is online at http://www.republicbankfl.com
    S1 Corporation is at http://www.s1.com
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Fri Apr 19 2002 - 05:08:22 PDT