How many victims? 8,378.
What type of personal information? Online banking login credentials.
What happened? The breach was discovered through a recent internal security review. It was determined that the unauthorized access occurred during a six-day-period between November 18 and 23, 2009.
Details: To date, there has been no evidence of unauthorized access to customer online banking accounts, SCNB said in a news release. The bank has not received any reports from customers of unusual activity or financial loss.
Quote: "The security of customers' information is of utmost importance to SCNB," J. Gordon Huszagh, president and CEO of Suffolk Bankcorp, said in a news release. "While we know that our diligence in this regard allowed us to uncover this incident, and to take action rapidly to protect our customers, we also recognize that the provision of financial services over the internet requires our dedication to continuous monitoring and security."
What was the response? SCNB launched an investigation of the incident with the assistance of outside forensics experts. They isolated and rebuilt the compromised server. In addition, they notified consumer reporting agencies, including Experian and TransUnion, along with various state government and law enforcement agencies, including the New York State Consumer Protection Board and the Office of Cyber Security and Critical Infrastructure Coordination.Affected customers will receive a free two-year subscription for credit monitoring services.
Source: News release, Suffolk Bankcorp, “Suffolk Bancorp Thwarts Data Intrusion at Banking Subsidiary,” Jan. 11, 2010.
