In what could be one of the biggest cases of cyber extortion in Israel, eight former Bank Leumi employees threatened to sell information about two million of the bank’s credit card accounts unless they were paid a ransom.
Seven of the suspects were arrested over the weekend, and the eighth, the suspected ringleader extradited from Thailand, landed in Ben Gurion airport on Sunday and will face charges with his fellow conspirators.
The eight had obtained the identity numbers and three-digit security code that appear on the back of credit cards for two million holders of the bank’s Leumi Card. While the suspects could have made online or telephone purchases with this information, Leumi Card said that no accounts had been compromised.
Instead, a former Leumi Card employee, fired a year ago and living in Thailand, sent an email to Bank Leumi threatening to sell sensitive cardholder data he had copied to the highest bidder unless he was paid “millions of shekels”.
After an Israeli cyber-crime unit launched an investigation, Thai authorities compounded his equipment in line with Israeli investigators and rescinded his permit to be in the country.
The breach of security is not the first for Israel’s credit card companies, other were committed by penetrating databases linked to the card issuer’s network.
Leumi Card said it was tightening internal security by barring service representatives from accessing data on card holders.
However, industry sources told the Israeli paper Haaretz that Leumi Card, as well as Israel’s other big issuers of credit cards, CAL and Isracard, were using out-of-date security software rather than Payment Card Industry Data Security Standard, or PCI, the international standard used by Visa, Mastercard and other big issuers.
Israel’s three credit card issuers have been working to update their standards for the past five years, but are about two years away from completing the work, the industry sources said.
A survey of corporate decision makers across Europe finds that chief executives in more than half of the businesses canvassed take responsibility for the issue of cybersecurity.
Regulatory technology - aka RegTech - should become a priority for bankers as regulators increasingly focus on risk data aggregation, argues a white paper from Wolters Kluwer.
Despite significant cost-cutting in recent years, management consultancy McKinsey says the world’s biggest banks need more radical business plans.
With its estimated market capitalisation reduced to US$235bn, Wells Fargo’s current valuation is some US$4bn less than its rival.