Thank you for sharing!

Your article was successfully shared with the contacts you provided.

OAK RIDGE, Tenn. – Hackers attacked the $364 million Y-12 FCU’s Web site and managed to obtain the credit card and personal identification numbers of between 17 and 24 members. The attack began on Jan. 9, 2006 at about 7:00 p.m. Unlike usual phishing attacks which use e-mail to try to direct members to a fake look-alike credit union Web site where they are asked for personal information, this attack involved a hack of the CU’s own Web site. Therefore, when members went to the site and logged in, they were taken to the fake CU Web site, according to Chris Smith, CEO of Y-12. “This was a sophisticated wrinkle on the familiar phishing scam which was brought about by a weakness in Microsoft’s software which hackers figured out a way to exploit,” Smith said. Smith said that the software giant first became aware of the weakness on Dec. 27, 2005 but that there was no patch available until Jan. 6. Y-12 received the patch on Jan. 6 in the evening and then had to test it before applying it to all its systems, Smith said. “We were just a few hours too late getting it into place.” Smith praised alert CU members who suspected something was wrong when the CU appeared to ask them for their PINs, something it had promised it would never do. Their notification to the CU that something was wrong allowed Y-12 to pull its site down and stop the fraud in only 90 minutes, Smith said. [email protected]

Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.

Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:

  • Critical CUTimes.com information including comprehensive product and service provider listings via the Marketplace Directory, CU Careers, resources from industry leaders, webcasts, and breaking news, analysis and more with our informative Newsletters.
  • Exclusive discounts on ALM and CU Times events.
  • Access to other award-winning ALM websites including Law.com and GlobeSt.com.

Already have an account?


Credit Union Times

Join Credit Union Times

Don’t miss crucial strategic and tactical information necessary to run your institution and better serve your members. Join Credit Union Times now!

  • Free unlimited access to Credit Union Times' trusted and independent team of experts for extensive industry news, conference coverage, people features, statistical analysis, and regulation and technology updates.
  • Exclusive discounts on ALM and Credit Union Times events.
  • Access to other award-winning ALM websites including TreasuryandRisk.com and Law.com.

Already have an account? Sign In Now
Join Credit Union Times
Live Chat

Copyright © 2022 ALM Media Properties, LLC. All Rights Reserved.