41 Banking Breaches So Far in 2010

Account Takeover a Top Concern for Banks, Businesses
There have been 41 data breaches involving financial institutions so far in 2010 - well on the way to surpassing the 62 such incidents in all of 2009.

But it isn't the number of incidents that concerns Linda Foley, head of the Identity Theft Resource Center, which tracks these breaches. Rather, it's the trend of corporate account takeover resulting from ACH and wire fraud.

"There hasn't been a lot of outreach to the business community on this threat," Foley says. "They need a list of 'What to do to protect your business account, now.'"

The other area of concern to Foley is the pattern of retail merchants and restaurants being hit by fraudsters. "There may be a pattern or common cause here, thus the Secret Service is following the trail," she says.

For a complete look at the year's financial services-related breaches, view this timeline of incidents, breaking them down by month and type of breach.

Breach Notification At Hand?

While data breaches continue to occur, Congress is mulling legislation that would create a federal notification act. One bill pending on the floor of the U.S. Senate is Senate Bill 139, sponsored by California Sen. Dianne Feinstein. The Data Breach Notification Act would cover any agency or business that uses or stores personally identifiable information and would make it mandatory to inform the victims if a breach occurred.

This bill, along with the recently reintroduced Carper-Bennett legislation, aims to protect consumers and businesses from identity theft and account fraud. The Carper-Bennett legislation, entitled the Data Security Act of 2010, applies to financial institutions, retailers and government agencies, and would require these entities to safeguard sensitive information, investigate security breaches and notify consumers when there is a substantial risk of identity theft or account fraud.

These bills are all possible action items for the Consumer Financial Protection Bureau. With more than 200 rules still to be issued as a result of the Dodd-Frank bill, privacy, data security and stewardship issues will continue to be front and center for some time, Foley says.

In particular, Foley says, the Feinstein bill offers businesses a safe harbor clause, but with conditions. "It offers coverage of reasonable risk, though they must submit their entire breach event facts to law enforcement to be covered under the safe harbor clause," she says. "We need a single data breach list -- these state notification laws are piecemeal and don't give full disclosure to victims."

The Feinstein bill is still open on the Senate floor, along with the Carper-Bennett bill. No date has been set for committee hearings on either bill. Both the House of Representatives and the Senate are on summer break until September 13.

For now, the underreporting of data breaches remains a problem, Foley says. The ITRC is one of several organizations tracking data breaches in the United States. Example: The New York list of data breaches that was made public this spring had more than 200 breaches that had not been reported by any news media, she says. This is a problem not just for the victims of those data breaches, but for other potential victims. "The only thing that underreporting or hiding breaches is doing," Foley says, "is allowing criminals to do the same thing to other businesses without law enforcement becoming aware and investigating them."

See: 2010 Data Breach Timeline

About the Author

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.
