Hackers Breached Virginia Bank Twice in Eight Months, Stole $2.4M

Brian Krebs reports: Hackers used phishing emails to break into a Virginia bank in two separate cyber intrusions over an eight-month period, making off with more than $2.4 million total. Now the financial institution is suing its insurance provider for refusing to fully cover the losses. According to a lawsuit filed last month in the Western District of Virginia, the first heist took place in late May 2016, after an employee at The National Bank of Blacksburg fell victim to a targeted phishing email. The email allowed the intruders to install malware on the victim's PC and to compromise a second computer at the bank that had access to the STAR Network, a system run by financial industry giant First Data that the bank uses to handle debit card transactions for customers. That second computer had the ability to manage National Bank customer accounts and their use of ATMs and bank cards.

Re:Insurance didn't protect them

[xxxJonBoyxxx]

I think they just found out that "cybersecurity insurance" is a joke: one missing patch or badly configured machine and your insurer will deny you. Remember, these are that same folks that manage medical insurance - you sure you want a bunch of "claim denied" messages when your IT systems go t**s up?

Twice?!?!

[Major+Blud]

Now the financial institution is suing its insurance provider for refusing to fully cover the losses.

Hack me once, shame on you, hack me twice, shame on me?

Seriously, 8 months passed between the phishing incidents. That's plenty enough time to do a security audit and train your staff, and the insurance company knows that.