On Dec. 2, traffic to certain online bill payment websites operated by CheckFree was redirected to a website in Ukraine capable of infecting users' computers with malware.  The malware could have allowed users' information to be transmitted to a server controlled by persons in the Ukraine.

CheckFree, a business unit of Fiserv, is a provider of financial electronic commerce services and products.

How many victims?
160,000 users are estimated to have been exposed to the malicious software based on typical traffic patterns but the company is notifying over 5 million customers.

What type of personal information?
Passwords, usernames and other unspecified information.

What was the response? The company is notifying potentially affected individuals, providing a McAfee software solution that will detect and remove the offending malicious software and two years of credit monitoring service.  The company has notified the Federal Bureau of Investigation, the three major consumer reporting agencies, the five principal federal financial institution regulators, the Federal Trade Commission, the Securities & Exchange Commission, and the Commodities Futures Trading Commission.

Details: Only individuals using a computer with the Window’s operating system are potentially affected.

Source: http://doj.nh.gov/consumer/pdf/fiserv.pdf, Dec. 12, 2008.