NY Bank Suffers Online Breach
8300+ Customers Compromised by Hack A Long Island, NY bank announced this week that more than 8,300 of its online banking customers had their log-in credentials stolen in a data breach that occurred last November.The Suffolk County National Bank in Riverhead, NY says the breach of a server that hosts its online banking system happened over a six-day period starting on Nov. 18. The breach was discovered on Dec. 24, during an internal security review, the bank says in its announcement. Information on 8,378 online accounts was taken, but so far no money has been removed from those accounts.
"Although the intrusion was limited in duration and scope, SCNB immediately isolated and rebuilt the compromised server and took other measures to ensure the security of data on the server," the announcement says.
The bank says it has notified the consumer reporting agencies (Experian, Trans Union and Equifax) of the incident, along with the Office of the Comptroller of the Currency, its primary regulator; the New York State Consumer Protection Board; the New York State Office of Cyber Security & Critical Infrastructure Coordination; and law enforcement agencies. It also sent letters to all affected customers on Monday.
The bank has also arranged for credit monitoring services for two years for impacted consumers. The business customers that were affected will receive Positive Pay service from the bank, or Deluxe Security Checks, with the bank paying for those services.
Additionally, the bank says it has taken a number of additional steps to minimize any possible effect of this incident on its customers. It says it immediately launched an aggressive investigation of the incident with assistance from outside experts in forensics.
"The security of customers' information is of utmost importance to SCNB," says J. Gordon Huszagh, President and Chief Executive Officer. "While we know that our diligence in this regard allowed us to uncover this incident, and to take action rapidly to protect our customers, we also recognize that the provision of financial services over the Internet requires our dedication to continuous monitoring and security."