FORT WORTH, Texas -- In what has become a somewhat rare occurrence, a U.S. bank--which happens to be a former CU--had some of its depositors' money stolen in a direct hacking attack and has had to limit debit card use and re-issue cards, according to media reports.
OmniAmerican Bank had been OmniAmerican Credit Union until 2005 when it converted to a bank charter and subsequently issued stock as part of a mutual holding company.
The local media quoted Tim Carter, president of the bank, as saying that the scheme was "pretty sophisticated." In a Fort Worth Star Telegram report, Carter called the amount stolen minimal and said the former CU had fewer than 100 accounts compromised.
Nevertheless the bank has placed limits on some ATM and debit card transactions, particularly those outside the state of Texas, and has re-issued 40,000 debit cards, the report stated.
According to the bank, the criminals were able to hack into its records and obtain card numbers and PINs as well as create new PINs. They then fabricated debit cards and withdrew cash from ATMs across Eastern Europe, including Russia.
Direct hacking into financial institutions in the U.S. has been relatively rare, though it has happened to banks overseas. Most U.S. data security breaches have taken place when hackers have compromised computer systems in retail chains and stores.