[ISN] Cyber crooks dip into Frost accounts

From: InfoSec News (isn@private)
Date: Fri May 19 2006 - 00:16:05 PDT


http://www.mysanantonio.com/business/stories/MYSA051906.01E.frosttheft.216bbd06.html

William Pack
Express-News Business Writer 
05/19/2006

Hackers dipped into the accounts of about 100 Frost Bank customers
after they took Visa debit card information from the database of an
unnamed national retailer and went on a spending spree, Frost
officials said Thursday.

The information system breach compromised credit card accounts with
banks across the nation, Frost Bank officials said, although Frost was
apparently the only one to acknowledge that it was advising affected
customers of the incident. The bank restored funds to accounts that
sustained losses.

"We want our customers to know they have no liability," said Senior
Vice President Sharion Scott.

Frost, which is contacting affected customers by letter or phone, did
not divulge the amount lost.

A statement from Visa USA said a domestic merchant had notified the
company that a data security breach may have compromised Visa card
account information. Visa said it alerted affected financial
institutions.

The credit-card company did not reveal the number of affected
institutions, the retailer involved or the time of the thefts.

In a letter to affected customers, Frost said Visa had advised bank
officials that Visa, MasterCard, and other debit and credit card
numbers from banks across the country could have been compromised.  
Officials at Bank of America, Citigroup and Wachovia said they did not
have enough information to comment Thursday.

The incident is lumped in with the burgeoning wave of identity theft
that financial institutions are combating. A 2004 Justice Department
study said about three of every 100 U.S. households had been recent
victims of identity theft.

But in this case, no names, Social Security numbers or other personal
identification were taken, Scott said. Visa told the bank that
personal identification numbers of credit card customers and account
numbers were stolen when a national retailer's database was breached.

The cyber intruders gained access to about 9,300 Frost debit card
accounts but used less than 1 percent of them, Scott said.

She emphasized that the break-in affected another company's data
system, not Frost Bank's.



_________________________________
Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.
www.blackhat.com



This archive was generated by hypermail 2.1.3 : Fri May 19 2006 - 00:41:15 PDT