Pentagon Credit Union Database Compromised 108
Trailrunner7 writes "The credit union used by members of the US armed forces and their families has admitted that a laptop infected with malware.was used to access a database containing the personal and financial information of customers. The Pentagon Federal Credit Union (PenFed) issued a statement to the New Hampshire Attorney General that said data, including the names, addresses, Social Security Numbers and PenFed banking and credit card account information of its members were accessed by the infected PC."
Re:What should I do? (Score:5, Insightful)
usually their first recommendation is to put a watch on your credit score, a lot of the time when a bank has a breech they offer to pay for a year or so of this service to all their members whose information may have been exposed, so you can call them and see what they are offering for safeties after the fact.
Change your pin and password, security question, etc for this account immediately. If you have a pin or other password etc used on that account that you use in other places, you should change those other places also, as they may try to use the credentials on other accounts they can figure our are yours in other places.
Also while you're talking with this credit union, see what they can do to adjust the 'paranoia level' on your account. That's what gets you a phonecall from them when you go on a vacation and buy a bunch of stuff and suddenly the card is getting declined. You want high paranoia on their part for awhile. There may be ways to set reasonable hard limits on charges per day etc a bit like how you can usually only pull $250 cash a day from an ATM. Set those limits temporarily as tight as you feel you can. They may have other options, ask them.
And of course the ever-popular "consider changing banks". Do you really trust them as much with your money as you did before?
This is incredibly sad. (Score:4, Insightful)
Let's look at this.
In short, infected devices have caused serious problems (and occasionally fatalities). The Pentagon has been subject to malware-related cyber-attacks, including (as noted in the list) serious cases of espionage, in the past. That people are (a) running devices that are open to attack, and (b) are able to connect such devices to any Pentagon network, is seriously pathetic.
It's the IT, not the OS (Score:4, Insightful)
In the end, these sorts of egregious breaches can be blamed on IT and/or management. The latter mostly in cases where they unduly restrict IT from doing their jobs properly. In other (most) cases, it is because IT wasn't on the ball with security.
These stories come out again and again and again, and yet we still see people being allowed to do the wow-stupidest things you can imagine.
A few simple rules for people who haven't learned from these countless news stories:
1. Company computers should only be allowed to perform company functions, and only company computers should be allowed to access company assets.
2. Computer users should never have more access to their own computer or to company assets than they need. And always be conservative at first, and bump up their privs later if it becomes necessary.
3. In situations where users might have access to assets that could potentially put other people's information at risk, those users should be required to undergo some basic security training.
I'm just typing off the top of my head (I'm sure /. can add a few more), and already I've delineated more than I see done in most operations I've seen. It is rather amazing.
And it is extremely infuriating. These people are in charge of my assets. Increasingly all of us have to (if we want to participate in modern society) put more and more of our data into the hands of others. And again and again they prove that they don't deserve the trust we're putting in them.