In what could be one of the biggest cases of cyber extortion in Israel, eight former Bank Leumi employees threatened to sell information about two million of the bank’s credit card accounts unless they were paid a ransom.
Seven of the suspects were arrested over the weekend, and the eighth, the suspected ringleader extradited from Thailand, landed in Ben Gurion airport on Sunday and will face charges with his fellow conspirators.
The eight had obtained the identity numbers and three-digit security code that appear on the back of credit cards for two million holders of the bank’s Leumi Card. While the suspects could have made online or telephone purchases with this information, Leumi Card said that no accounts had been compromised.
Instead, a former Leumi Card employee, fired a year ago and living in Thailand, sent an email to Bank Leumi threatening to sell sensitive cardholder data he had copied to the highest bidder unless he was paid “millions of shekels”.
After an Israeli cyber-crime unit launched an investigation, Thai authorities compounded his equipment in line with Israeli investigators and rescinded his permit to be in the country.
The breach of security is not the first for Israel’s credit card companies, other were committed by penetrating databases linked to the card issuer’s network.
Leumi Card said it was tightening internal security by barring service representatives from accessing data on card holders.
However, industry sources told the Israeli paper Haaretz that Leumi Card, as well as Israel’s other big issuers of credit cards, CAL and Isracard, were using out-of-date security software rather than Payment Card Industry Data Security Standard, or PCI, the international standard used by Visa, Mastercard and other big issuers.
Israel’s three credit card issuers have been working to update their standards for the past five years, but are about two years away from completing the work, the industry sources said.
Whitepapers
Related reading
Central banks best suited to issue digital currencies
By Aaran Fronda A recent report by the Official Monetary and Financial Institutions Forum (OMFIF) said that central banks rather than private ... read more
Instant payments: innovations inbound for corporates
In 2020, instant payments look set to continue their current trajectory to become the biggest trend in payments. While these schemes already offer numerous benefits to corporates, leveraging innovations such as APIs and request to pay will go some way to unlocking their full potential, argues Michael Knetsch
Obstacles exist for banks to meet ECB’s instant payments goal
The cost of joining instant payment platforms will be one of many hurdles banks and payment services providers must overcome to meet ... read more
Banks must be aware of “biases” in data used to train ML models
Financial institutions need to be conscious of biases in the historical data that is being used to train machine learning (ML) models, ... read more
