Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive

News Now

CU System
TraceSecurity 95 of FIs tested still vulnerable to theft
BATON ROUGE, La. (9/10/08)--About 95% of U.S. financial institutions’ sensitive data, including account records and social security numbers, could have been robbed in 30 minutes or less on average, said TraceSecurity, a CUNA Strategic Services provider. Between 2003 and 2008, TraceSecurity’s engineering team compromised the security of 1,000 financial institutions. Had the attempts been legitimate, the personal identity of tens of millions of consumers could have been stolen, the company said. The statistics are based on a group of TraceSecurity’s clients, including credit unions, with asset sizes ranging up to $2.7 billion in 48 states. “I’ve been able to bypass security policies, procedures and technology of any bank or credit union where I’ve performed social engineering engagements 100% of the time,” said Jim Stickley, TraceSecurity co-founder and chief technology officer. The tests were based on penetration testing, remote social engineering and onsite social engineering. Penetration testing employs hacking into a company’s network through the Internet to check for vulnerabilities. Social Engineering tests include phishing, pharming, pre-text calling and onsite impersonation of a third party. For onsite social engineering tests, TraceSecurity engineers disguise themselves as fire marshals or pest inspectors. They gain entry 95% of the time to areas in financial institutions with sensitive data, the company said. Backup tapes storing sensitive data were the easiest target to steal while being undetected by employees. Other items stolen in the test heists include loan applications, laptops, cell phones, personal digital assistants, and keyboard data. “It takes only one branch location for all [members’] sensitive data to be at risk, and recent data breaches have shown these losses can amount to billions of dollars--a huge cost for what’s usually a small, avoidable error,” Stickley said. TraceSecurity provides security risk and compliance solutions.
Other Resources

RSS print
News Now LiveWire
How may falling gas prices impact the U.S. economy? Find out tomorrow in #NewsNow #Market
20 minutes ago
News of the comp. for tomorrow: Big bank unveils plans for massive $6.5 billion new headquarters #NewsNow #Market
1 hours ago
Consumer confidence surges to 7-year high #NewsNow #Market
2 hours ago
Charlotte Cash, CEO of @COFCU , is engaging members by producing videos on various subject of financial interest to members.
2 hours ago
@CFPB today finalized a rule to promote more effective privacy disclosures from financial institutions to their customers. Watch News Now
3 hours ago