Saturday, June 13, 2015

Break-in at Plus Bank. Customer data ended up online – Money.pl

2015-06-13 10:11

Author: (DS) (TUL), (LUK)

Break-in at Plus Bank. Customer data ended up online

[Photo: Yuri Samoilova / Flickr (CC BY 2.0)]

On Friday, shortly before midnight, data on 500 Plus Bank customers appeared on one of the forums. In addition to basic data such as the first and last name of the owner or the company name, the published data included, among other things, payment card numbers and expiry dates, account balances and transaction history. The hacker will publish further data every Friday if the bank fails to meet his demands.

On Wednesday we reported on the break-in at Plus Bank, which took place in April. A hacker, exploiting a vulnerability in software that had not been updated, attacked the bank's servers. He announced that he is in possession of a copy of the bank's entire server.

The hacker, despite the disclosure of the attack and some of the data, is demanding a ransom from the bank. He says that if it is not paid, another batch of customer information will be revealed every Friday.

How much is he demanding? 200 thousand zł in the case of a single transaction, or 400 thousand zł spread over installments. Interestingly, he wants the money to go to the account of any orphanage.



What do the bank's representatives say?

“In connection with media reports concerning data security, please note that clients' money has been and is safe,” reads the statement issued today by Plus Bank.

“Please also note that in the first quarter of the current year PlusBank was the target of an attack by a criminal hacker group, which was detected and blocked. After identifying the criminals' modus operandi, the bank immediately took remedial action aimed at strengthening its security systems. Further attempted cyber attacks were thwarted. None of the bank's customers suffered any financial loss,” we read.

In addition, the bank indicated that it does not intend to conduct any negotiations with the hacker: “Plus Bank is of the opinion that the security and reputation of the bank's customers are the highest priority, which is why no negotiations have been conducted with people who blatantly break the law and whose activities are aimed against the bank and its customers.”

– Banks have a duty to protect data against unauthorized disclosure – says attorney Marcin Zadrożny of ODO 24, a company specializing in personal data protection and information security. – Violation of this obligation is subject to criminal liability.



A case for the prosecutor

What, according to experts, should Plus Bank do if the information provided by the hacker proves to be true? In the opinion of attorney Marcin Zadrożny, the bank, if it has not already done so, should definitely notify the public prosecutor immediately about a possible crime, and should also verify the security measures and procedures that ensure the protection of the data it processes.

“The Bank works closely with law enforcement authorities, which have been engaged from the beginning in detecting and apprehending the criminals. We are confident that the bank's tough stance, consisting of not entering into any attempts to negotiate with the criminals and of strengthening security systems in the area of IT security prevention, together with the actions of the prosecutor's office, the police and other institutions, will soon bring the offenders to justice,” says Plus Bank.

Maciej Kaczmarski, President of ODO 24, strongly recommends an external security audit in this situation. – It seems that what failed at Plus Bank was, among other things, weak monitoring of file resources. In such environments, every suspicious file, and a JavaScript file of unknown origin that was used to capture customer data should be considered one, should be immediately captured and tested – explains Kaczmarski.


