Current and former members of the U.S. military were issued new bank account numbers and credit cards after attackers accessed a database containing bank account information at the Pentagon's credit union.
An infected laptop was used to access the systems at the
Pentagon's credit union, exposing the financial records of the members of the
United States military, according to a Kaspersky Lab report.
The Pentagon Federal Credit Union notified the New Hampshire
Attorney General of the breach, and said names, addresses, social security
numbers, bank and credit card information of its members were compromised, said
Paul Roberts, editor of Kaspersky Lab's ThreatPost.com site. New Hampshire law
requires that all companies report all breaches that involve its residents.
Massachusetts has a similar law.
At this point, the full extent of the breach is not known,
but so far 514 New Hampshire residents have been affected. It's hard to
determine the magnitude, based on just one state. As Roberts pointed out, a
data breach of the tour company Twin America affected around 300 New Hampshire
residents but 100,000 people nationally.
The credit union discovered on Dec. 12 that someone had
hacked a laptop on its network. Along with the personal information, the
malware allowed attackers to see information relating to former members, joint
account holders and beneficiaries. That vulnerability has been closed and
steps have been taken to prevent a similar breach, according to Roberts.
"We have no indication that your information has been
misused," Roderick Mitchell, PenFed's executive vice president of
operations, wrote in a letter mailed to customers. No PINs or passwords were
accessed, Mitchell wrote. Even so, PenFed has already re-issued all credit and
debit cards to members whose account information was affected.
The Identity Theft Resource Center
reported that data
breaches in general rose 33 percent in 2010 from the previous year. A separate
report from the Department of
Defense found that identity theft
targeting government employees and
classified networks may be on the rise because it was a "low cost high gain"
method to obtain sensitive or classified technology and information. Targeted
"phishing e-mail messages" were among the cyber-tools being used, the report
PenFed serves members in the Air Force, Army, Coast Guard,
Department of Homeland Security, Department of Defense, and the Veterans of
Foreign Wars. With about $15 billion in assets and nearly a million members,
PenFed is not just for savings, as it offers mortgages and loans and issues its
own credit cards.
This isn't the first time PenFed has been targeted. The
credit union posted an alert on its Website notifying users that a person who
was calling members to say their mortgages were being sold and requesting
personal information was fraudulently masquerading as a PenFed underwriter.