FDIC Examination Uncovers True Scope of 2011 FIS Breach
FIS is now under fire for inaccurate reporting of the 2011 hacking incident.
In 2011, hackers broke in to the banking giant Fidelity National Information Services (FIS). The initial report by FIS on the matter to the SEC stated that “7,170 prepaid accounts may have been at risk and that three individual cardholders’ non-public information may have been disclosed as a result of the unauthorized activities.” FIS then reported taking action in order to block and reissue cards for the hacked accounts. FIS insisted that the breach was limited in scope and restricted to a portion of its network.
A recent report of an examination conducted by the Federal Deposit Insurance Corp. (FDIC) and sent out May 24, 2013 paints a different picture of the incident. The findings show that the breach was much larger than FIS originally reported.
“The initial findings have identified many additional servers exposed by the attackers; and many more instances of the malware exploits utilized in the network intrusions of 2011, which were never properly identified or assessed. As a result, FIS management now recognizes that the security breach events of 2011 were not just a pre-paid card fraud event, as originally maintained, but rather are that of a broader network intrusion.” The FDIC examination shows that almost every facet of the FIS network was infiltrated by the hackers during the 2011 incident.
Original article by KrebsOnSecurity.
Read the full story here.