Fraudulent ATM transactions overseas could be tied to Indiana bank breach - computerworld.com - 19 Jun 2008

A server intrusion at 1st Source Bank in South Bend took place in May

A flurry of fraudulent ATM transactions in recent days in countries such as Russia, Ukraine, Turkey and the Czech Republic may be tied to a server intrusion at 1st Source Bank in South Bend, Ind.

So far, the fraud appears to have affected at least 200 consumers who belong to more than half a dozen banks and credit unions in the state, according to local media reports. Among those reportedly affected are customers of 1st Source, Teachers Credit Union (TCU) and Farm Bureau Credit Union.

Representatives from TCU and Farm Bureau did not immediately respond to a request for comment. Neither did the St. Joseph's County Police Department in Indiana, where a large number of affected consumers reported being victimized by fraudulent automated teller machine transactions.

James Seitz, a vice president at 1st Source, today said it is "reasonable" to assume that the fraudulent transactions are linked to an intrusion into one of the bank's servers on May 12.

The breached server contained debit card transaction data belonging to customers of 1st Source and other financial institutions who used 1st Source ATMs. Seitz confirmed that the information in that server was stolen by hackers, but he refused to say how many records were stolen or how many individuals may have been affected.

After the breach was discovered, the bank immediately "shut down" all of its own cards that were compromised, Seitz said. He refused to disclose how many cards 1st Source blocked and reissued.

The bank also compiled a list of all the other cards that were on the affected system and informed the major credit card companies about the breach, he said.
According to Seitz, much of the fraudulent transactions being reported appear to have taken place over the weekend. Since then, the transactions have "slowed down significantly," he said. Most of the withdrawals were for amounts of $200 or $300 or whatever the daily limits for each card might be.

The incident highlights the international nature of cybercrime and the global market for stolen credit card and bank data. A report released yesterday by security vendor Finjan Inc. noted that the underground market is flooded with stolen credit and debit card data, leading to its easy availability and commodity pricing. According to Finjan, stolen credit and debit card data, which retailed for $100 per card a few months ago, these days costs just about $20 per card and can often be purchased after little more than a Google search.