The new year is not even a month old and we already have had the first major company data breach. And this breach is at a U.S. financial institution. On January 6, ComputerWorld reported:
"CheckFree Corp. and some of the banks that use its electronic bill payment service are notifying more than 5 million customers that criminals took control of several of the company's Internet domains and redirected customer traffic to a malicious Web site hosted in the Ukraine."
This data breach is important because:
"... in a notice filed with the New Hampshire Attorney General, CheckFree disclosed that it was warning many more customers than previously thought."
Basically, two groups of consumers were affected by the data breach:
"... 1.) those who we were able to identify who had attempted to pay bills from our client's bill pay sites and minus those who actually completed sessions on our site, and 2.) anyone enrolled in mycheckfree.com."
How bad was the hack and data breach? It was this bad:
"Customers who went to CheckFree's Web sites between 12:35 a.m. and 10:10 a.m. on the day of the attack were redirected to a Ukrainian Web server that used malicious software to try and install a password-stealing program on the victim's computer. The criminals were able to take control of several CheckFree Web domains after logging into the company's Internet domain registrar, Network Solutions, and changing the CheckFree DNS settings."
Because Checkfree lost control of its Web domains, the company doesn't know exactly how many consumers were affected. Checkfree believes that a smaller number of consumers (160,000) were likely affected with the malware, but because the company really doesn't know it is notifying 5 million consumers because that many could be affected.
Geez. So much for bullet-proof data security by a U.S. financial institution. If you don't know what banking services Checkfree performs:
"CheckFree processes bill payments for more than half of the banking institutions in the U.S... CheckFree has deals to provide electronic bill payment services to banks such as Wachovia and Bank of America. It is not clear whether or not these banks were affected by the attack."
My advice to consumers: if you receive notification or a free credit monitoring service offer from Checkfree, review it closely to see if it is better protection than you can get elsewhere. Also, check your online banking and financial account statements closely for fraud.