Incidents on personal data abuse affecting banks

by: Sonny Zulhuda

In my last post I noted why banks should, or must, take care to protect the personal data they hold. In this post I want to put that note into real perspective by learning from real cases and incidents involving major banks around the world.

First, it was reported that Citigroup breach exposed data on 210,000 customers (here for the full report)

Citigroup admitted Wednesday (June 8th, 2011) that an attack on its website allowed hackers to view customers’ names, account numbers and contact information such as email addresses for about 210,000 of its cardholders in North America. Although hackers may have not gained complete information on cardholders, the contact information is enough for scammers to try and elicit more information through targeted attacks. The email addresses, for example, could be used to send “phishing” messages asking for other sensitive information which could potentially give identity thieves enough to start committing fraud.

Second, you’ll see how Data breaches lead to massive fines for three HSBC firms (here for the report)

Three HSBC firms have been fined more than £3 million by the Financial Services Authority (FSA) for failing to secure customer data. The FSA claimed the three firms sent large amounts of unencrypted data – often on discs sent via the post – and staff were untrained on the issue of identity theft. The FSA said that, in April 2007, HSBC Actuaries lost a floppy disk in the post that contained 1,917 pension numbers and addresses. And, in February 2008, HSBC Life lost an unencrypted disk holding data on 180,000 policy holders – also in the post.


“Social Engineering” a.k.a. Phishing

By: Sonny Zulhuda

Yay! I opened my Inbox this morning and I just won another LOTTERY I never participated in! Feeling lucky, aren’t you? This is what I just received:

PRIZE AWARD NOTIFICATION!!!

We are pleased to inform you of your Email Success in our Computer Balloting made today for winners from the AUSTRALIAN LOTTERY EMAIL AWARD, as part of our Promotional Draws held this month.

This is a Scientific Computer Game in which your Email Address was used. It is a Promotional Program by AUSTRALIAN LOTTERY EMAIL AWARD.It is a Promotional Program that chooses emails world wide to encourage Internet users; therefore you do not require buying Ticket to enter for it. This is an Email Internet Program were winners are randomly selected from all over the world through Computer Draw System and extracted from over 800,000 Email Addresses from Unions, Association and Corporate Bodies listed online.

Below are your Winning Details:
Reference No: 575061725
Batch No: 056490902/188
Ticket No: 07-42-97-66-11-00
Winning Number No: ILP/HW46704/08

Wow. You don’t think I would rush to check the accuracy or genuineness of this award, right? Of course not, for one simple reason: this kind of message does not deserve even curiosity, let alone excitement. This is obviously a phishing message, which is a gateway to identity theft.
