Convenience-store ATMs hacked
Last modified on Thursday, 03 July 2008 07:26
Hackers got into Citibank's network of ATMs and stole customers' PIN codes, according to recent court filings. The hackers gained access to the PIN codes through ATM machines that were installed in 7-Eleven convenience stores in the U.S.
The hack gave thieves access to stolen identities through the information contained on the ATM accessible network. This theft of what consumers believe to be closely guarded and secret banking tools has revealed a large and disturbing security hole in the most sensitive part of a customer’s banking record.
Hackers targeted the ATM system's infrastructure, which is increasingly built on Microsoft's Windows operating system; this OS allows machines to be remotely diagnosed and repaired over the Internet.
There was also the discovery that PINs do not have sufficiently strong encryption and have thus been “leaking” while the information was in transit between the ATMs and the bank computers that process the transactions.
The Citibank data hack began in October 2007 and lasted until March 2008. The number of customers affected by the breach is not known. Citibank has about 5,700 Citibank-branded ATM machines installed in 7-Eleven stores throughout the U.S., but Citibank does not own any of the ATMs.
Cardtronics, of Houston, Texas, owns all the ATM machines but only operates some of them, and Fiserv, of Brookfield, Wisconsin operates the other machines.
It is not known officially how the system was infiltrated, except that the ATM network was hacked through server at a third-party data processor.
The hackers were caught and are being prosecuted in federal court. But the vulnerability of private data to hackers continues to be a huge problem for banking institutions and other businesses that rely on electronic transactions as part of their business.