October 6, 2015
The American Bankers Association, a major financial industry trade group that lobbies for stronger data protection standards, recently reported a data breach within their systems. At least 6,400 email addresses and passwords used to make purchases or register for events through ABA.com’s shopping cart application have been compromised in the breach.
Founded in 1875, the American Bankers Association (ABA) is the largest banking trade association in the US. The association represents banks of all sizes ranging from small, regional and large banks that together employ more than 2 million people, hold more than $15 trillion in assets, safeguard $11 trillion in deposits and extend more than $8 trillion in loans.
With respect to the breach, the ABA said that currently there is no proof of accessing credit card and other personal financial information by the hackers and that the association is not aware of any fraudulent activity regarding the breach.
If you use the same password to access other ABA systems we strongly recommend you change those passwords as well, the ABA advised on its FAQ page regarding the breach. The ABA added that it does not think any other ABA systems were hacked.
ABA is working with a cybersecurity forensics company to identify the origin and full extent of this breach, ABA President and CEO Frank Keating and Incoming President and CEO Rob Nichols said in an email yesterday to the ABA Journal. We also continue to work with cyber information-sharing groups such as FS-ISAC to identify threats, spot breaches and respond quickly. We will keep you apprised of this investigation and what we learn.
Doug Johnson, Senior Vice President and the ABA's chief adviser on payments and cybersecurity policy, said to the American Banker that while there have been past hacking attempts to target the group, "this is, to my knowledge, the first time that we have seen information in terms of passwords and IDs essentially be compromised."
Johnson said the trade group is "less inclined to worry about the motivation and more inclined to worry about the incident response." After learning of the breach, he said that the group tried to gather more details before announcing it to members.
The breach announcement is unfortunately timed when the association announced its participation in National Cybersecurity Awareness Month campaign. The campaign is led by the US Department of Homeland Security together with the National Cyber Security Alliance, the nation’s leading nonprofit, public-private partnership promoting online safety and digital privacy.
According to the press release, throughout October, ABA will release resources to help consumers prevent, identify and report instances of cybercrime; such as ways to protect mobile devices, identities, small business accounts and customers themselves online.
Global companies and government organizations have become increasingly concerned about cybersecurity in 2015. With the recent history of major information breaches in various sectors, cybersecurity failures do not seem to be surprising anymore. It is time that companies take security as the matter of priority and work towards fighting against cybercrime.