January 12, 2011, 12:23PM
Infected PC Compromises Pentagon Credit Union
15 Comments
The credit union used by members of the U.S. armed forces and their families has admitted that a laptop infected with malware was used to access a database containing the personal and financial information of customers.
The Pentagon Federal Credit Union (PenFed) issued a statement to the New Hampshire Attorney General that said data, including the names, addresses, Social Security Numbers and PenFed banking and credit card account information of its members were accessed by the infected PC.
The full size of the breach is not known, but 514 New Hampshire residents were affected, which suggests that the breach could affect tens of thousands of current and former members and family of military, Department of Homeland Security, and Department of Defense. By comparison, a breach by the touring firm Twin America, disclosed in December, 2010, affected around 300 New Hampshire residents, but 100,000 people nationally.
Editor's Pick
PenFed was chartered in 1935 and now serves close to one million members of the military and defense related agencies, with $15 billion in assets, according to the credit union's Web site.
The organization said it learned of the attack on December 12 and immediately took action to eliminate it. PenFed says it has identified the means by which the information was accessed and taken steps to prevent a similar breach from occurring. It has also reissued credit and debit cards to affected customers.
PenFed says it doesn't know of any efforts to misuse the stolen information, but the organization's connection to members of the military, Department of Defense and other U.S. government agencies may well raise the spectre of state-sponsored attack that may, or may not have a financial motive.
A recent report by the Department of Defense's Defense Security Services concluded that Internet bases spying and targeted attacks connected to foreign governments continue to be a major concern, with malware and targeted "phishing" attacks on government employees offering a "low cost, high gain" method of obtaining sensitive data.
Commenting on this Article is closed.
Today's Most Popular
Most Commented Stories
Newsletter Sign-up
Take Our Poll
Do researchers have a moral responsibility to withhold SCADA vulns?
Yes, they shouldn't be published until vendors fix them.
5%
Vendors should be notified, and given a reasonable amount of time to resolve.
44%
Forget vendors, let's break the Internet.
3%
SCADA vulns are FUD.
0%
You can't blame researchers for pointing out shoddy software.
49%
Total votes: 39
Follow Threatpost
 |  |  |  |
| Tumblr |
Comments
It sure would lend some credence to your reporting if you were to understand how to use the words effected and affected...
In what way ?
514 New Hampshire residents were affected - correct
a breach by the touring firm Twin America, disclosed in December, 2010, affected around 300 New Hampshire residents - correct
It has also reissued credit and debit cards to affected customers - correct
effected - execute, produce, or accomplish something
affected - to impact, change, or alter something
the breach could effect tens of thousands
I was wondering why they issued me a new credit card and cancelled my old account without asking.
I'm with dev-null. Affect is used in most verb situations whereas effect is used in most noun situations. There are verb situations in which you may choose to use effect, but the meaning is "to bring about" or "to accomplish" (e.g. to effect change in a policy). The original author is correct.
"the breach could effect tens of thousands" is clearly wrong, sorry.
So, if I am executing a change, or changing execution, is the correct spelling æfected?
Oops, I meac æffected, how silly of me!
Hmm I like this idea... æffected solves the whole problem of affected/effected. Half the people on this planet pronounce both words the same way as it is...
In addition to the possiblity of nation-state sponsored grammatical nit-picking...
There's also a substantial risk of this data being used to determine current members of the government or military, who are in difficult financial straits. These people are more vulnerable to financially motivated subversion. Not only should their credit reports be monitored but their work habits should be monitored and their access authority to sensitive information should be reviewed.
Seems to me that Penfed dis not have proper and/or effective filtering in place or PCI DSS if implimented was not up to date. That's unexcusable if so.
hey - you are correct...and i'll correct the sentence to say "could affect tens of thousands" as in "have an influence upon" rather than "caused or brought about" (effect). thanks for pointing out the mistake!
Not...what this is reffering to is the effected outcome of the action...none the less...you are clearly wrong...
The effect of the affect was effective in affecting the effectiveness of the affectation.