ABA's Online Shopping Cart Breached
The American Bankers Association reported it suffered a data breach of its shopping cart application, which members use to sign up for products and services such as conferences.
An ABA executive source said 6,400 records of names and passwords were compromised, but payment card financial data was not compromised because the association encrypts that information.
Be sure to register today for Data Breach Defense, the free CU Times cybersecurity virtual conference on Oct. 6. Find out the latest credit union liability and risks, as well as security measures you can take to ward off cybercriminals.
ABA President/CEO Frank Keating said the association has begun to investigate the hack on the PCI-compliant shopping cart system.
“ABA takes data security very seriously,” Keating said in a prepared statement. “Unfortunately, we have discovered that email addresses and passwords used primarily by ABA members to make purchases or register for events through aba.com’s Shopping Cart have been compromised. Though we are not aware of any fraudulent activity associated with this, we are taking the breach seriously and have launched an immediate investigation. We have seen no evidence that the hacker has also accessed credit card information or other personal financial information.”
Keating added, “(The) ABA is working with a cybersecurity forensics company to identify the origin and full extent of this breach. We also continue to work with cyber information-sharing groups such as the FS-ISAC to identify threats, spot breaches and respond quickly.”
Keating, who was supposed to resign during the summer, has remained as president/CEO.
Former Treasury Department official Robert Nichols is named as incoming president/CEO on the ABA’s website.