Frost Bank announced on Friday that it has suffered a data breach that exposed check images.
The bank is a subsidiary of Cullen/Frost Bankers, Inc., its staff discovered an unauthorized access to its systems containing images of checks.
Attackers compromised a third-party lockbox software program, in this way they were able to access the images of checks stored electronically in the database.
“In March 2018, Frost detected unauthorized access into a third-party lockbox software program that allowed unauthorized users to view and copy images of checks stored electronically in the image archive.” reads the security advisory published by the company.
“The identified incident did not impact other Frost systems. We have stopped the unauthorized access, and have reported the incident to and are cooperating with law-enforcement authorities.”
The lockbox services are normally used by customers to send payments to a central post office box, once the bank will receive the payments it will credit them to a business’s account.
According to Frost Bank, its systems weren’t impacted by the security breach.
The bad news is that crooks once obtained the images could use them to forge checks.
“Information from the accessed images can be used to forge checks.” continues the advisory.
According to Frost Bank, the unauthorized access was limited to one software program serving about 470 commercial customers who use the electronic lockbox,
The company confirmed it stopped the identified unauthorized access once discovered the breach.
Law enforcement is investigating the case, while Frost Bank hired an unnamed cybersecurity firm to investigate the security breach,
“At Frost, we care deeply about taking care of our customers and protecting their information, and we regret that this situation has occurred. We are working very hard to make things right,” Frost Chairman and CEO Phil Green said in a statement.
(Security Affairs – Frost Bank, data breach)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.