Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive

News Now

CU System
TraceSecurity 95 of FIs tested still vulnerable to theft
BATON ROUGE, La. (9/10/08)--About 95% of U.S. financial institutions’ sensitive data, including account records and social security numbers, could have been robbed in 30 minutes or less on average, said TraceSecurity, a CUNA Strategic Services provider. Between 2003 and 2008, TraceSecurity’s engineering team compromised the security of 1,000 financial institutions. Had the attempts been legitimate, the personal identity of tens of millions of consumers could have been stolen, the company said. The statistics are based on a group of TraceSecurity’s clients, including credit unions, with asset sizes ranging up to $2.7 billion in 48 states. “I’ve been able to bypass security policies, procedures and technology of any bank or credit union where I’ve performed social engineering engagements 100% of the time,” said Jim Stickley, TraceSecurity co-founder and chief technology officer. The tests were based on penetration testing, remote social engineering and onsite social engineering. Penetration testing employs hacking into a company’s network through the Internet to check for vulnerabilities. Social Engineering tests include phishing, pharming, pre-text calling and onsite impersonation of a third party. For onsite social engineering tests, TraceSecurity engineers disguise themselves as fire marshals or pest inspectors. They gain entry 95% of the time to areas in financial institutions with sensitive data, the company said. Backup tapes storing sensitive data were the easiest target to steal while being undetected by employees. Other items stolen in the test heists include loan applications, laptops, cell phones, personal digital assistants, and keyboard data. “It takes only one branch location for all [members’] sensitive data to be at risk, and recent data breaches have shown these losses can amount to billions of dollars--a huge cost for what’s usually a small, avoidable error,” Stickley said. TraceSecurity provides security risk and compliance solutions.
Other Resources

RSS print
News Now LiveWire
Tech. advances don't dampen consumer #cybersecurity concerns #NewsNow
4 hours ago
.@TheNCUA board unanimously voted today to designate board member Rick Metsger as vice chairman, effective immediately.
5 hours ago
We really want to hear from our readers. Please take the News Now survey:
6 hours ago
Advanced technologies don't quell cybersecurity fears #NewsNow
7 hours ago
.@CentralMaineCom reports #creditunions have issued thousands of new cards to proactively protect members from Home Depot data breach.
8 hours ago