Commerce Bank database hacked
Date Reported:
10/9/07
Organization:
Commerce Bank
Contractor/Consultant/Branch:
None
Victims:
Commerce Bank customers
Number Affected:
3,000*
*The database contained confidential information about 3,000 Commerce Bank customers; however, Commerce Bank claims that only 20 were affected.
Types of Data:
"personal data"
Breach Description:
Commerce Bank detected unauthorized activity and access to one of their computer systems that contained confidential information relating to customers of the bank. The database that was accessed contained 3,000 customer records.
Reference URL:
Commerce Bank Announcement
Springfield Business Journal
Report Credit:
Commerce Bank
Response:
From the official Commerce Bank press release and related news story cited above:
"Commerce Bank has discovered an attempted hacking on a computer system. The hacking was detected and quickly shut down. Commerce immediately notified law enforcement authorities and is working with them in their investigation."
"Commerce has determined that a total of 20 customers had personal data compromised in one database of 3,000 records on that computer system, or one quarter of one percent of our customers."
"Commerce has notified the initial 20 customers as well as the remaining 3,000 customers in that database regarding a possibility that their information has been accessed."
[Comfyllama] There must be some small semblance of doubt about which records were actually accessed, or why would Commerce Bank notify all 3,000 customers in the database?
"In addition, Commerce is providing free credit monitoring service to affected customers for 24 months, plus a toll-free number to call with any questions or concerns."
[Comfyllama] Two years is double the amount of time that is typical of other breach responses. Two years should be the minimum.
"At Commerce Bank, we take the security of our customers' accounts very seriously. We are carefully and actively monitoring all accounts for fraudulent activity and we employ sophisticated fraud detection software to review account transactions. We advise all our customers to regularly and carefully monitor their accounts and to contact us immediately if they see any fraudulent charges."
"For more information, please contact: Jeanne Howard, Director, Regional Marketing, or or Molly Hyland, Public Relations Officer or "
"For additional information, please call or visit www.commercebank.com or email ."
Commentary:
There is not much information publicly available about this breach beyond what is mentioned above. It is unclear how this "hack" took place or where it originated (Internet, internal, etc.). I compliment Commerce Bank on their decision to offer two years of identity theft protection as opposed to the standard one year. Keep in mind that identity theft protection is typically a reactive measure that alerts the victim after their information has been used to commit fraud.
It also appears that Commerce Bank responded to this incident quickly and contained the damage.
Past Breaches:
Unknown
