Bank Breach Hits ATMs, No Retailer At Fault This Time

One of the repeated arguments made in retail data security circles is that retailers tend to have much weaker security because it's not as much of a cultural priority as, for example, banking. So it's a little bit consoling that the latest ATM databreach is apparently not the result of a retail breach, not the result of social engineering and the trusting bank clerk, but is the first proven incident of a bank server's breach linked to ATM fraud.

A computer intrusion into a Citibank server that processes ATM withdrawals led to two Brooklyn men making hundreds of fraudulent withdrawals from New York City cash machines in February, pocketing at least $750,000 in cash, according to a Wired story. Although Citibank told Wired that its systems had not been breached, Citibank "warned the FBI on February 1 that 'a Citibank server that processes ATM withdrawals at 7-Eleven convenience stores had been breached,' according to a sworn affidavit by FBI cyber-crime agent Albert Murray."