Suffolk County National Bank, a subsidiary of Suffolk Bancorp, discovered on Christmas eve that an intruder had hacked into its systems for six days between November 18 and November 23, 2009. The accounts were hacked via the server hosting the bank's online banking system. The bank said 8,378 banking customers were affected, although it added that there was no evidence of any unauthorized access to the banking accounts or unusual financial activity.
Upon finding the breach, Suffolk County National Bank immediately rebuilt the hacked server, it said, and launched an investigation into the incidents with the help of external forensics experts. It notified consumer reporting agencies and regulators, including the New York State Office of Cyber Security and Critical Infrastructure Coordination, along with law enforcement agencies. However, it waited until Tuesday to alert customers via first-class mail. Affected retail customers will be provided with two years' credit monitoring services at the bank's expense, it said. Affected business customers get a year's worth of deluxe security checks for free.
The $351 000 set aside to cope with the cost of the breach amounts to around four cents per share, the bank said. "This provision is based on the SNCB's current assessment of the incident. Additional expenses may be incurred to address additional issues, if any, uncovered in the course of completing the investigation."
Suffolk County National Bank had already informed customers that enhancements were being made to the online banking system by the end of this month. Security enhancements were to be among the changes made, it had said.