Officials at Suffolk County National Bank in Long Island, N.Y. this week are warning more than 8,000 customers that their account login information was likely compromised in November, when a hacker illegally accessed a server hosting its online banking system.
SCNB officials discovered the breach during a routine internal security review in late December. Investigators determined the unauthorized intrusion occurred during a six-day period between Nov. 18 and Nov. 23 of last year.
"The security of customers' information is of utmost importance to SCNB," Suffolk Bancorp CEO J. Gordon Huszagh said in a statement. "While we know that our diligence in this regard allowed us to uncover this incident, and to take action rapidly to protect our customers, we also recognize that the provision of financial services over the Internet requires our dedication to continuous monitoring and security."
Unlike other banks and financial institutions victimized by online hackers, Suffolk Bancorp (NASDAQ: SUBK), the parent company of SCNB, is telling investors just how much it will cost to investigate the data breach and improve security controls and technology to prevent future intrusions.
Right now, the company is allocating $351,000 for expenses which may or may not be incurred in responding to this incident. Executives told shareholders that additional expenses may be incurred to address additional issues, if any, uncovered in the course of completing the investigation.
So far, SCNB officials said there has been no evidence of unauthorized access to customer online banking accounts, and the bank has not received any reports from customers of unusual activity or misappropriated funds.
The bank has also initiated an investigation of the incident with the assistance of outside forensics experts, isolated and rebuilt the compromised server, and notified consumer reporting agencies, including Experian and TransUnion, along with various state government and law enforcement agencies.
Cyber attacks on financial institutions have become so commonplace that in October the Anti-Phishing Working Group (APWG), an industry consortium, created an entirely new category for defining and quantifying attacks on financial institutions.
"Due to evolution of attack sophistication, it is becoming increasingly difficult to separate and report on attacks that are specifically designed to steal customer banking information," Dan Hubbard, CTO at security software vendor Websense, told InternetNews.com. "Additionally, attacks that only [look] for credentials from popular social networking, Webmail and gaming sites can lead to attacks for banking theft and crimeware."
Affected SCNB customers will receive a free two-year subscription for credit monitoring services.
"We have responded to this incident as promptly, diligently and forthrightly as we know how, and will continue to do so until it is fully resolved," Huszagh said. "We apologize for the concern, and any inconvenience caused by this incident."