Financial Services Security News

Thieves found Citigroup site an easy entry

Think of it as a mansion with a high-tech security system — but the front door wasn’t locked tight.

Using the Citigroup customer Web site as a gateway to bypass traditional safeguards and impersonate actual credit card holders, a team of sophisticated thieves cracked into the bank’s vast reservoir of personal financial data, until they were detected in a routine check in early May.

That allowed them to capture the names, account numbers, e-mail addresses and transaction histories of more than 200,000 Citi customers, security experts said, revealing for the first time details of one of the most brazen bank hacking attacks in recent years.

The case illustrates the threat posed by the rising demand for private financial information from the world of foreign hackers. In the Citi breach, the data thieves were able to penetrate the bank’s defenses by first logging on to the site reserved for its credit card customers.

FBI Releases Bank Crime Statistics for First Quarter of 2011

Washington, D.C. June 06, 2011    

FBI National Press Office (202) 324-3691

During the first quarter of 2011, there were 1,092 reported violations of the Federal Bank Robbery and Incidental Crimes Statute, a decrease from the 1,183 reported violations in the same quarter of 2010.[1] According to statistics released today by the FBI, there were 1,081 robberies, nine burglaries, two larcenies, and one extortion of financial institutions[2] reported between January 1, 2011 and March 31, 2011.

Highlights of the report include:

  • Loot was taken in 88 percent of the incidents, totaling more than $7.5 million.
  • Of the loot taken, 20 percent of it was recovered. More than $1.7 million was recovered and returned to financial institutions.
  • Bank crimes most frequently occurred on Friday. Regardless of the day, the time frame when bank crimes occurred most frequently was between 9:00 a.m. and 11:00 a.m.
  • Acts of violence were committed in 4 percent of the incidents, resulting in 24 injuries, three deaths, and 18 persons taken hostage.[3]
  • Demand notes were the most common modus operandi used, closely followed by oral demands.[4]
  • Most violations occurred in the Western region of the U.S., with 353 reported incidents.

These statistics were recorded as of April 22, 2011. Note that not all bank crimes are reported to the FBI, and therefore the report is not a complete statistical compilation of all bank crimes that occurred in the U.S.

- View the detailed report.

[1] In the first quarter of 2011, there were 1,081 robberies, nine burglaries, two larcenies and one extortion reported.
[2] Financial institutions include commercial banks, mutual savings banks, savings and loan associations, and credit unions.
[3] One or more acts of violence may occur during an incident.
[4] More than one modus operandi may have been used during an incident.

Source: http://www.fbi.gov/news/pressrel/press-releases/fbi-releases-bank-crime-statistics-for-first-quarter-of-2011

NCUA Regulatory Alert - Security Incidents Prevention and Detection

REGULATORY ALERT

NATIONAL CREDIT UNION ADMINISTRATION

DATE: May 2011

LETTER NO.: 11-RA-03

TO: All Federally Insured Credit Unions

SUBJ: Security Incidents Prevention and Detection

ENCL: NSA Information Assurance Advisory, US-CERT Early Warning and Indicator Notice

Dear Board of Directors:

In response to several recent security breaches involving unauthorized access to vendors’ systems that might impact federally insured credit unions (FICUs), this risk alert highlights appropriate security incident prevention and detection steps for FICUs to protect and secure their members’ information.

FICUs should have robust enterprise risk management practices in place to maintain member data integrity and confidentiality. The components of sound and prudent risk management include risk assessment, risk mitigation and controls, and risk measuring and monitoring. FICUs should perform periodic risk assessments of their information security programs with respect to the prevention and detection of security incidents.

Lack of proper monitoring and control systems allows attackers to gain entry into a target environment through phishing, spear-phishing, drive-by malware injection, and other malicious techniques. Once attackers have entered an environment, they typically use sophisticated tools and techniques to gain access to sensitive data or systems, install a backdoor virus, and exploit system vulnerabilities. Successful attacks often compromise sensitive member information, which may lead to fraud. The increasing sophistication of the tools and techniques attackers use often includes stealth or other means that make their detection more difficult.

We expect FICUs to review carefully the enclosed National Security Agency (NSA) Information Assurance Advisory and the United States Computer Emergency Readiness Team’s (US-CERT) Early Warning and Indicator Notice (EWIN). Both are associated with one of the recent events.

The NSA advisory provides detailed recommendations consistent with previously issued NCUA and Federal Financial Institution Examination Council guidance. Proper physical and logical controls should be implemented to restrict and monitor access to sensitive information, systems, and control components. FICUs should ensure that their information security program includes the evaluation and appropriate disposition of the above-mentioned recommendations based upon their environment and risk profile.

The US-CERT EWIN contains a list of domains associated with malicious activity. FICUs should prohibit network traffic -- both inbound and outbound -- within those domains.

US-CERT and the NSA have published notices and alerts containing recommended mitigation strategies relevant to security incidents posted on the Financial and Banking Information Infrastructure Committee (FBIIC) website (www.fbiic.gov). FICUs are encouraged to access them.

If you have any questions regarding this risk alert, please contact your NCUA Regional Office or State Supervisory Authority.

E-signatures safer than the real thing, experts say

In a high-tech world where incidents of ultramodern cybercrime are rapidly becoming the norm, it seems that something as straightforward and arcane as a person’s signature — even an electronic one — would be a simple and effortless target for criminals.

But behind every electronic signature used in banking and tax transactions is a multipronged, and strong, network of security provisions keeping the signers — and their data — secure.

Tom Gonser is the founder and chief strategy officer of DocuSign, which provides e-signature solutions to more than 30,000 clients, including companies like John Hancock and Fidelity Investments.

Pentagon's credit union hacked

A security breach at the Pentagon's official credit union has exposed the personal and financial records of members of the U.S. military and their families, putting hundreds of thousands of people at risk for identity theft.

The Pentagon Federal Credit Union’s (PenFed) database, which includes names, addresses, Social Security numbers and credit card numbers, was accessed by a malware-infested PC, Paul Roberts of the security firm Kaspersky Lab reported.

Chartered in 1935, PenFed serves about 100,000 members in the Air Force, Army, Coast Guard, Department of Homeland Security, Department of Defense and the Veterans of Foreign Wars. PenFed offers mortgages, credit cards and loans to its customers, and has $15 billion in assets.
