Fidelity National Information Services Database Hacked: $13 million Stolen In One Day

Posted August 30, 2011 by TeamSHATTER Admin in Attack Vectors, Data Breach, Database Security, Finance and Banking with 0 comments

The robbers used a security breach in Fidelity National Information Services which processes prepaid debit cards.

FIS admitted that there had been a breach in May 5, but security researcher Brian Krebs said that he found evidence that the crime might have been a lot more complex and costly.

According to his KrebsonSecurity blog the attackers first broke into FIS’ network and gained unauthorised access to the company’s database.

In the database they found each debit card customer’s balances.

FIS has some fairly good fraud protection policies that limit the amount cardholders can withdraw from an ATM with a 24-hour period. Once the balance on the cards is reached, the cards cannot be used until their owners put more money back onto the cards.

To get around this problem the criminals used 22 legitimate cards. They went into the database and eliminated each card’s withdrawal limit, and cloned them. Copies of the cards were sent to conspirators in Greece, Russia, Spain, Sweden, Ukraine and the Blighty.

When the prepaid limit on each card got too low, the hackers simply reloaded the fraudulent cards remotely.

On Saturday, March 5, the criminals began taking out money from ATMs. By Sunday evening, the scam was over, and the attackers had stolen $13 million.

Read full article in Tech Eye >>

Tags: attack, breach, credit card, data, database, Fidelity National Information Services, FIS, fraud. 13 million, hack, Krebs, KrebsonSecurity, prepaid debit cards, security, stole, theft

Share|

TeamSHATTER