2010 Data Breach Timeline

Interactive Timeline to Breaches Involving U.S. Financial Institutions

Editor's Note: The following is a list of data breaches that have affected U.S. financial institutions in 2010. The information was compiled from the 2010 Data Breach Report by the Identity Theft Resource Center (ITRC), based in San Diego.





List of Reported Breaches



January

First Interstate Mortgage Corp.

Las Vegas, NV

Records Taken: 230

Type of Breach: Missing paper documents

January 26

See Also: Live Webinar | App Defined, Autonomous and Delivered from the Cloud



Gregory Navone, a mortgage broker in Las Vegas who discarded consumers' personal financial records in a publicly- accessible dumpster paid a $35,000 civil penalty to

settle Federal Trade Commission charges according to a FTC statement on January 21. According to an FTC, the defendant improperly disposed of about 40 boxes of sensitive consumer records collected by companies he had owned, including tax returns, mortgage applications, bank statements, photocopies of credit cards and drivers' licenses, and at least 230 credit reports.



Lincoln National Financial Securities

Radnor, PA

Records Taken: 1,200,000

Type of Breach: Exposure of data on Web

January 14



A vulnerability in the portfolio information system for broker-dealer subsidiaries of Lincoln National Corp. potentially exposed the records of 1,200,000 people; 18,900 were New Hampshire residents. Lincoln National notified the Attorney General of New Hampshire on January 4, that although an outside forensic review found no reason to believe that client data were actually accessed or misused, "information such as names, addresses, Social Security numbers, account numbers, account registration, transaction details, account balances, and in some cases, dates of birth and email addresses had been potentially exposed."



Suffolk County National Bank

Long Island, NY

Records Taken: 8,300

Type of Breach: Outside Network intrusion

January 13



Hackers stole the login credentials for more than 8,300 customers of Suffolk County National Bank after breaching its security starting on Nov. 18, 2009 and accessing a server that hosted its online banking system. The intrusion happened over a six-day period and was discovered on December 24 during an internal security review. In all, credentials 8,378 online accounts were pilfered, a number that represents less than

10 percent of the bank's total accounts.

Eastern Bank Corp.

Lynn, MA

Records Taken: 2,500

Type of Breach: Accidental breach

January 4



Eastern Bank Corp. of Lynn, MA disclosed in September 2009 that it mailed financial data regarding about 2,500 customers to the wrong addresses. Bank spokesperson Joe Bartolotta, says the bank welcomed the new Massachusetts state law requiring strong data security measures.



Citizens Bank, Bank of America

Quincy, Milton, Braintree, Somerville, Saugus, Mass.

Records taken: Unknown

Type of Attack: ATM Skimming

January 22

The Secret Service broke up a ring of ATM skimmers in Massachusetts with the arrest of three suspects. Authorities charged Anton Venkov, Vladislav Vladev and Ivaylo Hristov with skimming bank cards. The three stole debit and credit card data and PIN numbers by placing scanner devices and hidden cameras in ATM machines at several locations. Authorities believe they have stolen at least $100,000 from customers at Citizens Bank and Bank of America and this gang is responsible for most of the recent ATM thefts in eastern Massachusetts.



February

Wachovia Bank

Alexandria, VA

Records Taken: Unknown

Type of Breach: Skimming

Date: February 28

Criminals in Alexandria, VA, stole more than $60,000 using a skimming device installed on an ATM at a Wachovia Bank branch last month. The skimming device was found by an ATM technician on February 28. The technician took photos of the device and then went inside the bank to report it, says Alexandria police detective David Hoffmaster. By the time the technician came back, the device had been removed.



US Bank

Norwood, OH

Records Taken: 120

Type of Breach: Skimming

Date: February 27

An ATM skimming gang hit a Norwood, Ohio bank and stole $50,000 from more than 120 customer accounts. Norwood police say they are looking for four men who used a skimming device to steal customers' ATM card information from a US Bank ATM. Police say the skimmer was put on the bank's ATM on the weekend of February 27 and removed before March 22. The suspects apparently waited a week to begin taking money from the accounts.

Citi Group

New York, NY

Records Taken: 600,000

Type of Breach: Accidental breach

February 26



About 600,000 Citigroup customers got a shock in February when they received their annual tax documents - with their Social Security numbers printed on the outside of the envelope. CitiGroup states that the numbers were surrounded by other numbers and letters "that resembled a mailing routing number." At least 50 of the customers have complained about the gaffe to Citi.

Â

LPL Financial Corp.

San Diego, CA

Records Taken: Unknown

Type of Breach: Stolen or missing hardware

DATE: February 24

LPL Financial Corp. says that an unencrypted portable drive was stolen out of an employee's vehicle on February 24. The financial services company informed the New Hampshire Attorney General that the portable drive contained names, date of birth and Social Security numbers.

Â



SunTrust Banks,

Hillsborough, FL

Records Taken: Unknown

Type of Breach: Skimming

February 24



According to a federal complaint filed in Florida four Bulgarian men put "skimmers" on ATM machines at SunTrust banks in Hillsborough and Pinellas counties last summer and skimmed identifying information on hundreds of bank accounts. One of the men has been arrested, the other three are still at large, say police.



ING Fund

Scottsdale, AZ

Records Taken: 106

Type of Breach: Exposure of data on Web

February 18



On January 25, an ING customer discovered that she could access client information on the ingfunds.com web site and notified her stockbroker. In investigating the situation, ING discovered that since August 2008, a file containing the names, addresses, Social Security numbers, and account numbers of 106 ING shareholders had been available on the web through a search engine. The company notified the New Hampshire Attorney General on February 3 that 17 residents of the state were affected.



Ameriquest Mortgage

Minneapolis, MN

Records Taken: 100

Type of Breach: Insider Theft

February 2



A man who worked for Ameriquest Mortgage Company for 6 weeks stole enough mortgage application information to steal nearly 100 people's identities. According to the federal indictment against him, Jason Tauer, a Robbinsdale, MN resident worked for Ameriquest from March 15 through April 29, 2005. Only a few months later, money began disappearing from Ameriquest customers' bank accounts and credit card accounts. In all, Tauer stole $150,000 from his victims.





Wachovia Bank

Alexandria, Va.

Records taken: Unknown

Type of Attack: ATM Skimming

February 28

Criminals in Alexandria, Va, stole more than $60,000 using a skimming device installed on an ATM at a Wachovia Bank branch. The skimming device was found by an ATM technician on Feb. 28. The technician took photos of the device and then went inside the bank to report it, says Alexandria police detective David Hoffmaster. By the time the technician came back, the skimming device had been removed.



U.S. Bank

Norwood, Ohio

Records taken: 120

Type of Attack: ATM Skimming

February 27

An ATM skimming gang hit a Norwood bank and stole $50,000 from more than 120 customer accounts. Norwood police say they are looking for four men who used a skimming device to steal customers' ATM card information from a U.S. Bank ATM. Police say the skimmer was put on the bank's ATM on the weekend of Feb. 27 and removed before March 22. The suspects apparently waited a week to begin taking money from the accounts.



SunTrust Banks,

Hillsborough, Fla.

Records taken: Unknown

Type of Attack: ATM Skimming

February 22

According to a federal complaint filed in Florida, four Bulgarian men put skimmers on ATM machines at SunTrust banks in Hillsborough and Pinellas counties last summer and skimmed identifying information on hundreds of bank accounts. One of the men has been arrested; the other three are still at large, police say.

Â

March

Union First Market Bank

Richmond, VA

Records Taken: 1000

Type of Breach: Exposure of data on Web

Date: March 22

A bad file that went awry during a bank merger caused a security breach at a community bank in Virginia. Some Union First Market Bank customers found that their bank account information was accessible to other customers after two banks, Union Bank and Trust Company and First Market Bank, merged on March 22. Bank officials say that when online bill-pay accounts were transferred from First Market Bank to Union First Market Bank, a bad file containing information of around 1000 customers was sent. That data then was accessible to some other customers.



Fifth Third Bank

Grand Rapids, MI, Cincinnati, OH

Records Taken: Unknown

Type of Breach: Unknown Cause

Date: March 19



A security breach through a third-party vendor has prompted Fifth Third Bank, Cincinnati, OH, to send new debit cards to an undisclosed number of banking customers in Michigan and Ohio. Fifth Third Bank has banking branches in 12 states. The third-party vendor was not identified, but a limited number of customers were sent new cards and a notification letter that stated the debit cards "may have been compromised," but that other personal data, including Social Security numbers was not accessed. The number of affected customers was not disclosed.



PNC Financial Services

Pittsburgh, PA

Records Taken: Unknown

Type of Breach: Outside Network Intrusion

Date: March 18



In a class action suit filed in California 16 former customers of Countrywide Financial charge that Countrywide's employees stole and sold their personal financial information, invading their privacy and exposing them to identity theft.

Countrywide Financial

Ventura County, CA

Records Taken: Unknown

Type of Breach: Insider theft

DATE: March 15

Â

PNC Financial Services says that former National City Bank debit accounts were compromised in a system wide breach that affects former National City Bank customers. National City Bank, based in Cleveland, OH, was acquired by PNC in December 2008. Bank spokesperson Fred Solomon says current PNC customers were not affected, and the National City Bank debit cards affected were only in the Cincinnati, OH area. The bank says the customers' debit cards were compromised shortly before the acquisition occurred in 2008. The bank would not reveal how many accounts were hit, or how much money was taken.

John Hancock Financial

Boston, MA

Records Taken: Unknown

Type of Breach: Stolen or missing hardware

Date: March 13



John Hancock, a Boston, MA insurer owned by Toronto insurer Manulife Financial, reported on March 13 that a partner could not locate a CD containing customer information, including names, dates of birth, and Social Security numbers of 1,085 Massachusetts residents. The company said the CD was password-protected and encrypted, but has offered credit monitoring to customers whose information may have been compromised. The company did not disclose how many persons' data was on the disk.



TD Bank

Mount Laurel, NJ

Records Taken: 13

Type of Breach: Insider Theft

Date: March 13



A former switchboard operator for TD Bank in Mount Laurel, NJ took customer information and gave it to accomplices who in turn withdrew more than $200,000 from 13 bank customers' accounts, says the U.S. Attorney's Office in Philadelphia. Talayah Little, 26, of Hainesport, NJ, has been fired by the bank and was indicted by federal agents on March 13.



US Bank

Richmond Heights, OH

Records Taken: Unknown

Type of Breach: Stolen or missing hardware

Date: March 11



A financial advisor at US Bank in Richmond Heights, OH reported on March 1 that a laptop was missing from his desk. The advisor told police the laptop contained sensitive customer data.

Securities and Exchange Commission



Philadelphia, PA

Records Taken: Unknown

Type of Breach: Stolen or missing hardware

Date: March 1



TD Bank, N.A. and T.D. Wealth Management Services reported to the Maryland Attorney General's office that a laptop stolen on June 11, 2009 from the office of the Securities and Exchange Commission in Philadelphia contained customer account information, names, and Social Security numbers. The letter was posted to the Maryland OAG site on March 1. Although the data were encrypted, the letter states, "it is possible that security access information may also have been stolen with the computer."



Assurity Financial Services

Englewood, CO

Records Taken: 487

Type of Breach: Outside Network intrusion

Date: March 1



Colorado-based Assurity Financial Services reported to the Maryland Attorney General's office the unauthorized use of their database of clients in March 2009, among which were 487 Maryland clients. The letter was posted to the OAG website on March 1. The company did not state how many customers were affected nationwide. Assurity told affected customers that an unauthorized individual used customer information to either apply for payday loans or to setup bank accounts to accept the funds from the payday loan.



Virgin Money USA Inc.

Waltham, MA

Records Taken: Unknown

Type of Breach: Outside Network intrusion

Date: March 1





Virgin Money USA reported to the Maryland Attorney General's office that a former employee had accessed Virgin Money USA customer information on its network. The letter was published on the OAG website on March 1. The former employee accessed names, social security numbers from mortgage applications. The former employee told investigators his intent was to generate business for himself and his new employer. The employee was fired by his new employer when the crime was revealed.



Ally Bank

Philadelphia, PA

Records Taken: Unknown

Type of Breach: Outside Network intrusion

Date: March 1



According to the Maryland Attorney General's website, Ally Bank, an online bank based in Philadelphia, PA, informed the AG on August 27, 2009 that a former employee stole bank customers' names, addresses, dates of birth and social security numbers. There was no notification letter available on the OAG website.



Wells Fargo/Wachovia Bank

Charlotte, NC

Records Taken: 953

Type of Breach: Stolen or missing hardware

Date: March 1



A backup hard drive containing the names, social security numbers and bank account information for 953 Wachovia customers was stolen from a law office in Irvine, CA used by Wachovia Dealer Services. In a notification letter to the Maryland Attorney General, the bank says the drive was stolen on June 11, 2009. The letter was posted to the OAG website on March 1 and did not state how many bank customers were exposed nationwide.



Partnership Federal Credit Union

Washington, DC

Records Taken: 22Type of Breach: Accidental breach

Date: March 1



The Partnership Federal Credit Union reported to the Maryland Attorney General on July 22, 2009 that an internal data file had been discovered on a computer outside of the secured network earlier in the summer. This may have potentially exposing personal and financial information. The letter was posted to the OAG website on March 1.



Telhio Credit Union

Columbus, OH

Records Taken: Unknown

Type of Breach: Insider Theft

Date: March 1



Telhio Credit Union reported to the Maryland Attorney General in a December 22, 2009 letter that a former employee had downloaded a report with customer personal and financial information before leaving his employment in early August 2009. One Maryland resident's information was in that report. It was not stated how many others may have been affected nationwide.



M&T Bank

Baltimore, MD

Records Taken: 39

Type of Breach: Missing Paper Documents

Date: March 1



M&T Bank reported to the Maryland Attorney General in a letter dated December 18, 2009 that a courier carrying work for a Baltimore branch was robbed on December 15, 2009. In the courier's bag were 39 customers' checks.



BlackRock

New York, NY

Records Taken: 61

Type of Breach: Accidental breach

Date: March 1



BlackRock, a global investment firm, reported to the Maryland Attorney General in a letter dated October 29, 2009 that a third party (PNC Global Investment Servicing) delivered CDs containing personal shareholder information to another financial institution client in December 2008. At least a few of that client's employees accessed the data. The info included names, address, tax identification numbers, or social security numbers. No total breach number was given.

Proxima Alfa Investments

New York, NY

Records Taken: Unknown

Type of Breach: Stolen or missing hardware

DATE: March 29

Proxima Alfa Investments, which is in liquidation and ceased operations mid-2009, informed the New Hampshire Attorney General in February that it discovered that an unspecified number of backup tapes as well as some other items were missing from the firm's New York office. The discovery was made in November 2009. The firm says the tapes may have been stolen sometime between September 2009 and October 2009. Personal information on the tapes included names, addresses, email addresses, telephone numbers, Social Security numbers, bank account information, tax ID numbers, passport numbers or scanned copies of passports.

April

Federal Deposit Insurance Corp.

Overland Park, KS

Records Taken:Unknown

Type of Breach: Insider Theft

DATE: April 2

A former employee of the Federal Deposit Insurance Corp. (FDIC) pleaded guilty on April 2 to leaking confidential customer information while she was working at an Overland Park, Kansas bank that had been taken over by the banking regulator.

Â

ESB Financial, Emporia State Bank

Emporia, KS

Records Taken: 3,097

Type of Breach: Exposure of data on Web

Date: April 23

Emporia State Bank officials announced that 7 years ago a data backup was sent to an unauthorized storage source. A total of 3,097 customers' personal data could have been exposed by the backup. An outside computer specialist did not realize what had happened, and knowledge of the problem did not surface for seven years, when someone stumbled onto information and numbers during an Internet search. Bank officials say that names, addresses, account numbers and, in some cases, Social Security numbers, would have been available to someone who found them on the Internet.

PNC Bank

Pittsburgh, PA

Records Taken: Unknown

Type of Breach: Skimming

Date: April 15

The Western Pennsylvania Financial Crimes Task Force began an investigation into skimming incidents after it got information from PNC Bank that in January more than $200,000 in fraudulent credit and debit card purchases had been made in New York City and Washington, D.C. The investigators were able to trace the compromised accounts to ATMs in Pittsburgh, according to a criminal complaint filed in the case. Alexandra Razvan Serb and Mihai Popa, both Romanians, were arrested on April 15 and are charged with bank fraud, access device fraud and aggravated identity theft.

Bank of America

Charlotte, NC

Records Taken: Unknown

Type of Breach: Insider

Date: April 1



A North Carolina bank worker faces jail time for ATM fraud after allegedly changing the ATM computer code at Bank of America networks so that the machines would dispense cash and not record the transactions. The U.S. Attorney for the Western District of North Carolina filed documents in court on April 1, alleging that Rodney Reed Caverly plotted to deploy malicious computer code within the company's systems so that ATM machines would dispense cash without any record of a transaction. Caverly maintained and designed computer systems at Bank of America, including ATMs. With the malicious code in place, Caverly was able to take more than $5,000 during a seven-month period in 2009, say prosecutors.



Charles Schwab

New York, NY

Records Taken: Unknown

Type of Breach: Outside Network Intrusion

Date: April 6

A computer hacker was sentenced to 3 years in prison on April 6 for hacking into brokerage accounts at Charles Schwab in September 2006 and laundering more than $246,000, some of which he sent to co-conspirators in Russia. Aleksey Volynskiy also sold 180,000 stolen credit card numbers to a cooperating witness, directing them to be made into credit cards that could be used to withdraw money from ATMs.



Bank of America

Charlotte, N.C.

Records taken: Unknown

Type of Attack: Insider Threat

Date: April 1

A North Carolina bank worker faces jail time for ATM fraud after allegedly changing the ATM computer code at Bank of America networks so that the machines would dispense cash and not record the transactions. The U.S. attorney for the western district of North Carolina filed documents in court on April 1, alleging that Rodney Reed Caverly plotted to deploy malicious computer code within the company's systems so that ATM machines would dispense cash without any record of a transaction. Caverly worked in the bank's IT department and designed and maintained computer systems, including those used by ATMs. The resulting loss from malware installed on Bank of America ATMs was somewhere between $200,000 and $400,000.



PNC Bank

Pittsburgh, Pa.

Records taken: Unknown

Type of Attack: ATM Skimming

Date: April 22

The Western Pennsylvania Financial Crimes Task Force investigated a skimming incident after it got information from PNC Bank that more than $200,000 in fraudulent credit and debit card purchases had been made in New York City and Washington in January. Investigators traced the compromised accounts to ATMs in Pittsburgh, according to a criminal complaint filed in the case. Officials arrested two Romanians, Alexandra Razvan Serb and Mihai Popa, on April 15 and charged them with bank fraud, access device fraud and aggravated identity theft.

May

Capitol One Bank

Melville, N.Y.

Records Taken: Unknown

Type of Breach: Unknown

Date: May 18

Capital One Bank reported to the New Hampshire Attorney General that a "fraud ring may have obtained certain customer information." The personal information included names, addresses, account numbers, Social Security numbers and "other sensitive information." According to the letter to affected individuals from James McFadden, vice president and chief privacy officer for Cap One, the compromise may have occurred between December 2009 and February 2010.





Wells Fargo Bank

Berkeley, Calif.

Records Taken: Unknown

Type of Breach: Skimming

Date: May 21

An unknown number of Berkeley, Calif., area Wells Fargo Bank cardholders have been victims of a point-of-sale compromise. So far, East Bay Wells Fargo customers are affected, but the bank says it believes more banks, ATMs or cards may have been and will be affected. The bank says it is replacing affected customers cards and refunding any losses related to the compromise.





The Los Angeles Firemen's Credit Union

Los Angeles

Records Taken: Unknown

Type of Breach: Unknown

Date: May 10

The Los Angeles Firemen's Credit Union notified some of its 28,000 members that members names, addresses, phone numbers, account numbers and Social Security numbers were compromised when files were not properly moved during an office relocation. A May 10 letter from the credit union's CEO notified members of the breach. Credit union members who were affected will have free credit monitoring supplied by the credit union for the next two years.





FHG Finance

Pleasant Hill, Calif.

Records Taken: 300

Type of Breach: Missing Paper Documents

Date: May 2

The names, bank account numbers and Social Security numbers of 300 loan applicants were compromised when confidential documents were mistakenly put in an outdoor waste bin without being shredded. The paperwork belonged to FHG Finance, a Pleasant Hill, Calif.-based home loan business. The cleaning crew hired by the building to clean part of FHG's building told the business officials that they discovered the documents in the outdoor bin. The documents were then secured and shredded.



Wells Fargo Bank

Berkeley, Calif.

Records taken: Unknown

Type of Attack: Unknown

Date: May 21

A handful of East Bay Wells Fargo customers had their credit cards canceled after they were compromised. The bank says the cards may have been compromised at a point of sale compromise at a retailer or at an ATM.

Â

June

Saint Francis Federal Credit Union

Tulsa, OK

Records Taken: 8,400

Type of Breach: Stolen or missing hardware

June 16

Saint Francis Federal Credit Union officials said that 8,400 account holders' information may be at risk after the loss of a backup tape that contained customer information. Officials said the tape may have been destroyed during a "trash removal process," but that they have been unable to confirm this happened.



Bank of America Call Center

Tampa, FL

Records Taken: Unknown

Type of breach: Insider theft

June 2

A Bank of America call center employee pleaded guilty to charges that he stole sensitive client information and then tried to sell it for cash. He allegedly logged account holders' names, birth dates, addresses and account histories between September 2009 and April 2010. He was supposed to get a 25 percent stake of the profits, court filings state. He also took tax identification numbers, birthdays and phone passwords.

Â

Bank of America

Peabody, MA

Records Taken: Unknown

Type of Breach: Insider Theft

June 25

A former Bank of America bank teller was sentenced in June to prison for bank fraud and identity fraud. Jeffrey Gautreaux of Peabody, Mass. was sentenced to 41 months in prison. Gautreaux will be made to pay $270,295 in restitution to the bank. He had already pled guilty to 17 counts of bank fraud and one count of identity fraud in February. When he worked at Bank of America from 2004 to 2006, Gautreaux stole bank customer data and sold it.

Â



Merrimack Mortgage

Greer, SC

Records Taken: Unknown

Type of Breach: Missing paper documents

June 30



A local mortgage firm, Merrimack Mortgage in Greer, SC was found to have dumped unshredded documents in a dumpster. A local resident reported the breach to local media. The data included in the documents ranged from social security numbers, credit scores and bank account information.

Â Â

August



Wells Fargo

Des Moines, Iowa

Records taken: Unknown

Type of breach: Accidental breach

August 20

Wells Fargo informed the attorney general of Maryland that mortgage papers including social security numbers were sent to a wrong address. At least one resident in Maryland was affected by the accidental breach of data.

October



PNC Bank

Pittsburgh, P.A.

Records taken: 200

Type of breach: ATM skimming

October 19

A foreign national from Spain pleaded guilty in federal court on October 19 to conspiring with a Romanian national to install electronic skimming devices on PNC Bank ATMs located throughout Western Pennsylvania in April and May. More than 200 PNC customer account numbers were believed to have been compromised, with losses between $120,000 and $200,000.



Citibank

Florence, Ky.

Records taken: Unknown

Type of breach: Insider Threat

October 12

A New York woman was sentenced to 30 months in prison for her role in a scheme that defrauded Citibank customers out of more than $1 million. Lisa Reid, 38, was sentenced on one count of bank fraud and one count of aggravated theft, and she was ordered to pay $1,071,871.33 in restitution. Reid executed the scheme by working closely with co-defendant Mahogani Graves, who was employed as a customer service representative at Citibank who stole customer credit card numbers.



Fairwinds Credit Union, RBC Bank

Lady Lake, Clermont, Fla.

Records taken: Unknown

Type of breach: Insider Threat

October 14

A credit union employee and the vmother of a death row inmate was indicted tor stealing elder and deceased customer's credit information to take out loans in their names. The indictment shows that at Fairwinds Credit Union in Lady Lake and then at the RBC Bank in Clermont, Nazreen Mohammed took out loans in the victims' names and made withdrawals on their accounts, then funneled the money into bogus accounts that she created.



Payday Loan Store of Illinois

Chicago, Ill.

Records taken: Unknown

Type of breach: Missing paper documents

October 18

The Payday Loan Store of Illinois allegedly discarded documents containing customers' personal information into trash bins outside four store locations despite promising to safeguard the information. After a consumer complaint, the police found and retrieved approximately two boxes of documents containing information such as social security numbers, driver's license numbers, financial account numbers and PLS loan account numbers.

Â

November

Washington State Employees Credit Union

Olympia, Wash.

Records taken: Unknown

Type of breach: Missing Paper Documents

November 23



Washington State Employees Credit Unions was one of three agencies found to be placing sensitive documents in a recycle bin outside of a state-owned building. Names and Social Security numbers, health and injury claims, as well as copies of business checks complete with account and routing numbers were in plain sight. The other two agencies were the Washington State Department of Labor and Industries and the Court of Appeals.





U.S. Federal Reserve Bank of Cleveland

Cleveland, Ohio

Records taken: 400,000

Type of breach: Outside Network Intrusion

November 19

A Malaysian man has been charged with hacking into major U.S. corporations, including the U.S. Federal Reserve Bank of Cleveland and FedComp, a company that processes financial transactions for credit unions. U.S. Secret Service investigators found more than 400,000 stolen credit and debit card account numbers allegedly obtained by hacking into various computer systems of other financial institutions.



1st Source Bank

South Bend, Ind.

Records taken: Unknown

Type of breach: Insider Threat

November 19

Some 1st Source Bank customers got a letter informing them they will be getting a new PIN and debit card in the mail. The letter said there was a breach at a third-party payment service, and some account numbers and card expiration dates may have been exposed.



Boeing Employee Credit Union

Renton, Wash.

Records taken: Unknown

Type of breach: ATM skimming

November 19

Prosecutors have filed charges against two men believed to have defrauded hundreds of Boeing Employee Credit Union members by "skimming" debit cards at Seattle-area ATMs. During periods in September, the alleged thieves attached skimmers and cameras to the Renton ATM. "Only a small fraction of the victims in this case have been contacted thus far regarding their losses," says Deputy Prosecutor Lisa Napoli O'Toole. Once the investigation is completed, the investigators say hundreds of additional counts of identity theft may be charged.



Monadnock Community Bank

Peterborough, N.H.

Records taken: Unknown

Type of breach: Outside Network Intrusion

November 19

Monadnock Community Bank's card processor notified it that an unnamed third-party payment service provider's network had a data breach involving customer information, including debit card numbers, expiration dates, CVC, and PIN offset for 13 New Hampshire residents. The attorney general of New Hampshire was also notified by the third-party payment service provider about the breach. The total number of affected customers was not reported.



