Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive
150x172_CUEffect.jpg
Contacts
LISA MCCUEVICE PRESIDENT OF COMMUNICATIONS
EDITOR-IN-CHIEF
MICHELLE WILLITSManaging Editor
RON JOOSSASSISTANT EDITOR
ALEX MCVEIGHSTAFF NEWSWRITER
TOM SAKASHSTAFF NEWSWRITER

News Now

CU System
TraceSecurity 95 of FIs tested still vulnerable to theft
BATON ROUGE, La. (9/10/08)--About 95% of U.S. financial institutions’ sensitive data, including account records and social security numbers, could have been robbed in 30 minutes or less on average, said TraceSecurity, a CUNA Strategic Services provider. Between 2003 and 2008, TraceSecurity’s engineering team compromised the security of 1,000 financial institutions. Had the attempts been legitimate, the personal identity of tens of millions of consumers could have been stolen, the company said. The statistics are based on a group of TraceSecurity’s clients, including credit unions, with asset sizes ranging up to $2.7 billion in 48 states. “I’ve been able to bypass security policies, procedures and technology of any bank or credit union where I’ve performed social engineering engagements 100% of the time,” said Jim Stickley, TraceSecurity co-founder and chief technology officer. The tests were based on penetration testing, remote social engineering and onsite social engineering. Penetration testing employs hacking into a company’s network through the Internet to check for vulnerabilities. Social Engineering tests include phishing, pharming, pre-text calling and onsite impersonation of a third party. For onsite social engineering tests, TraceSecurity engineers disguise themselves as fire marshals or pest inspectors. They gain entry 95% of the time to areas in financial institutions with sensitive data, the company said. Backup tapes storing sensitive data were the easiest target to steal while being undetected by employees. Other items stolen in the test heists include loan applications, laptops, cell phones, personal digital assistants, and keyboard data. “It takes only one branch location for all [members’] sensitive data to be at risk, and recent data breaches have shown these losses can amount to billions of dollars--a huge cost for what’s usually a small, avoidable error,” Stickley said. TraceSecurity provides security risk and compliance solutions.
Other Resources

RSS





print
News Now LiveWire
Record # of applicants for Crash the GAC means every state & D.C. will B represented by young #CU professional at #CUNAGAC #crashthegac15
13 hours ago
.@WOCCU and @CUNA are co-hosting 2015 America’s CU Conference July 12-15 in Denver. Registration is open here: http://t.co/FanFeaO0bC
13 hours ago
Recording of @CUNA Jan. 26 #rbc2 webinar is now available online here: http://t.co/jgxkd65Fj0 Just sign in and listen.
14 hours ago
.@SEC_News 2/19 proxy voting roundtable: contested director elections, increasing retail shareholder participation http://t.co/8k0p6ZvNL8
14 hours ago
.@TheNCUA posted resources 2 help consumers protect themselves,take action if they believe they were ID theft victims:http://t.co/HVaikbuT9H
15 hours ago