An unauthorized intruder accessed some Suffolk County National Bank customers’ login information via the computer server hosting the bank’s online banking system, the bank’s parent company announced last week.
The breach was detected during an internal security review on Christmas Eve.
An investigation, which is ongoing, revealed that the unauthorized access occurred during a finite, six-day period between November 18 and 23. Less than 10 percent of the bank’s total customers, amounting to 8,378 online banking customers, were affected, according to a press release issued by the bank. All have been notified via first-class mail posted on January 11.
Although the intrusion was limited in duration and scope, the bank immediately isolated and rebuilt the compromised server and took other measures to ensure the security of data on the server. To date, the bank has found no evidence of any unauthorized access to its online banking accounts, nor received any reports of unusual activity or reports of financial loss to its customers.
Suffolk County National Bank has taken a number of additional steps to minimize the possible effect of this incident on its customers, its officials said. In addition to immediately launching an aggressive investigation with assistance from outside experts in forensics, the bank has notified consumer reporting agencies—Experian, Trans Union and Equifax—the New York State Consumer Protection Board, the New York State Office of Cyber Security and Critical Infrastructure Coordination and law enforcement agencies.
Also, arrangements have been made for affected retail customers to receive credit monitoring services for two years at the expense of the bank. Affected business customers will receive a positive pay service from the bank or deluxe security checks for one year, at bank’s expense.
In the press release, Suffolk Bancorp President and Chief Executive Officer J. Gordon Huszagh said, “The security of customers’ information is of utmost importance to SCNB. While we know that our diligence in this regard allowed us to uncover this incident, and to take action rapidly to protect our customers, we also recognize that the provision of financial services over the internet requires our dedication to continuous monitoring and security ... We understand that this kind of incident is a source of concern: both to our customers, even if their personal information is not misused; and to our shareholders for the expense incurred in response. We have responded to this incident as promptly, diligently and forthrightly as we know how, and will continue to do so until it is fully resolved.”
In addition, investors and shareholders should be advised that a net provision of approximately $351,000, in taxes, or .04 cents per share, was booked during the fourth quarter of 2009. Based on the bank’s current assessment of the incident, these expenses may or may not be incurred in responding to this incident and additional expenses may be incurred to address additional issues, if any are uncovered in the course of completing the investigation.
The bank previously informed customers that toward the end of this month it will be introducing many improvements to its online banking service, a project that has been under way for a while. Among the enhancements are additional security features.
For more information, contact the bank manager at (631) 208-2200, or visit SCNB.com.
27east on Jan 20, 2010