infosec-news January 2011 archive
Main Archive Page > Month Archives  > infosec-news archives
infosec-news: [ISN] Malware on Laptop Caused Security Breach at

[ISN] Malware on Laptop Caused Security Breach at PenFed

From: InfoSec News <alerts_at_nospam>
Date: Wed Jan 12 2011 - 08:34:06 GMT

[PenFed is short for Pentagon Federal Credit Union - WK]

By Ken
Bank Deals Guy
January 11, 2011

PenFed had a laptop infected with malware that permitted unauthorized
access to a database containing personal data of certain members. The
security breach appeared to only affect PenFed members with credit
cards. Fatwallet members with Amex and Visa credit cards reported being
issued new credit cards with new numbers. Letters to affected members
were supposedly sent on January 4th.

New Hampshire is one of the states that require financial institutions
to notify the state attorney general of security breaches that affect
any of the state's residents.

Here's the PenFed's letter at the New Hampshire state website. It also
included a template of the letter that was sent to certain members.
Here's an excerpt of this letter:


Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery
Network, Cisco Switches, SAS 70 Type II Datacenter.
Find peace of mind, Defend your Critical Infrastructure.