Links in “Cybersecurity/Data Breaches”

The women’s clothing chain BeBe confirmed that its payment system was breached over a 2.5-week period last month and that the stolen data may have included cardholder names, account numbers, expiration dates, and verification codes. [12/8/14]

Speaking on the OCC's overall approach to examinations, BSA/AML, and cybersecurity, the Comptroller of the Currency Thomas Curry encouraged all financial institutions to join the Financial Services Information Security and Analysis Center (FS-ISAC). The FS-ISAC is a public-private sector partnership that provides access to information regarding data security. [12/4/14]

A Minnesota federal court judge has ruled that Target had a duty to protect debit and credit card information from cyber thieves. This means that the plaintiffs, which include CSE Federal Credit Union, can proceed with their case for damages based on Target’s negligence in protecting consumer data. [12/4/14]

Judge refuses Target's bid to dismiss a suit filed by five banks against it for damages sustained from the retailer's data breach. Judge says case will aid in policy of "punishing companies that do not secure consumers' credit- and debit-card information." [12/3/14]

The FBI has issued a flash alert about a highly malicious and destructive malware attack against an unnamed American company. The attack, which is believed to have been against Sony Pictures Entertainment, involved wiper malware that, among other things, can overwrite the master boot record causing an operating system to fail. [12/3/14]

A recent segment on National Public Radio’s “All Things Considered” followed a security expert who showed how easy it is for a hacker to infiltrate a retailer’s point-of-sale network. The expert noted that point-of-sale terminals connected to networks are often left unattended and that no one noticed when he paid more attention to the retailer’s computer network connection than to merchandise. The segment concluded that retailers have little incentive to take responsibility for data breaches when financial institutions are picking up the tab for the losses. [11/26/14]

Target's attorneys argue that the retailer isn't responsible for reimbursing banks that claim to have lost millions of dollars after last year's hack because card payments are processed through third-party intermediaries. [11/24/14]

A security alert from an Atlanta firm warns that fraudsters may be getting access to member information when members misdial their credit union’s phone number. The scam, which is being called the “Misdial Trap,” was discovered by a $1 billion credit union in the Northwest and may be affecting more than 100 other credit unions and banks. See how the fraudsters are pulling this off. [11/20/14]

Dridex, a malware that used macros embedded in Microsoft documents, is the newest cyber threat that credit unions and banks need to be aware of. Here’s how it works. Hackers initiate high-volume phishing attacks that contain attachments, usually word documents that look like invoices or accounting statements, which are embedded with the malicious Visual Basic code. [11/19/14]

EMV is going to increase card fraud in the U.S., which accounts for 25% of global card volume, but attracts 50% of all card fraud. [11/19/14]