Morning Security Brief: Financial Web Site Attacks, License Plate Readers, and Exposed User Credentials
Several bank Web sites appear to have been attacked by hackers, the government is sued over the privacy of license plate readers, and many of an association’s user credentials may have been exposed.
►Some customers of U.S. Bancorp and PNC Financial Services have had trouble accessing the banks’ Web sites, which appear to have been targeted by hackers. “U.S. Bancorp is experiencing ‘unusual and high-traffic volume’ on its site that is designed to slow down the system,’” Reuters reported, quoting a bank spokesperson. The story also quotes a PNC spokesperson as saying some of its customers may be “experiencing difficulty logging into the bank’s Website on the first attempt.” Some other banks have reported similar issues in recent days. It was not exactly clear who has been behind the apparent attacks, the story notes. But some have speculated that the attacks have been tied to recent protests in the Middle East.
►The American Civil Liberties Union has sued the departments of Homeland Security and Justice to gain information on automated license plate readers. The group filed the lawsuit in order to enforce Freedom of Information Act requests it filed over the summer to learn more about the technology. “We know enough about the rapid expansion of this technology to be very concerned about it, but there’s a lot we don’t know,” said the ACLU, in a statement . The organization says it is hoping to gain information on questions including what kind of data is retained and for how long, who it is shared with, and what kind of privacy policies protect the data.
►The Institute of Electrical and Electronics Engineers (IEEE) says it has resolved a security incident in which many of its members’ user names and passwords were left insufficiently protected on a publicly available server. According to some reports, a plain text file containing nearly 100,000 credentials were accessible on an IEEE server for at least a month. The association says it is in the process of notifying members who may have been affected. “IEEE takes safeguarding the private information of our members and customers very seriously. We regret the occurrence of this incident and any inconvenience it may have caused,” the group said .