News

Ky. bank says $415K security breach is not its problem

July 29, 2009

Financial security breaches are all over the news these days, from Heartland to TJX. In most cases, when consumer accounts and cards are compromised, the issuing financial institution bears the brunt of the loss, along with the transaction processor. But Elizabethtown, Ky.-based First Federal Savings Bank is bucking that steadfast practice, claiming it is washing its hands of liability after a local government bank account was hacked.

According to a story in The (Louisville, Ky.) Courier-Journal, Ukranian hackers managed to break into a bank account belonging to the Bullitt County, Ky., government and netted $415,000.

Bullitt officials said the fraudsters hacked into an e-mail to gain access to county government passwords and used those passwords to withdraw funds from an account used to pay county employees. The same malicious software used to hack the e-mail was reportedly used to steal $6 million from banks across the United States, the United Kingdom, Spain and Italy in 2007. Federal investigators, The Courier reports, are still trying to figure out where the Bullitt taxpayers' funds are.

Bullitt officials have identified the malware as being the "ZeuS" trojan, one of the greatest software threats currently hitting the market.

Bullitt County has recovered $105,813 of the $415,989 that was taken, but the county and the bank are still pointing fingers over who is responsible for the unrecovered funds.

Greg Schreacke, president of First Federal Savings Bank, told The Courier that since the government's computers were hacked, the bank is not responsible for the stolen money. The county's Fiscal Court has initiated legal action against the bank.