Email Phishing Attack on Orrstown Bank Exposed Information of over 50,000 Customers'

Information of over 50,000 customers of Orrstown Bank got exposed to outsiders when two of its employees fell prey to the email phishing attack, as quoted by the organization in a news release.

The company said that it became aware of the incident, which affected businesses along with individuals whose information was available through those email accounts, on 19 July, 2018. The security team of Orrstown terminated the access of the attackers to compromised email accounts as soon as they discovered the incident.

The bank has affirmed that they have reviewed all its bank systems, thoroughly, and have also contacted the law enforcement. To review the scope of incident, forensic experts were also hired by the bank for conducting an investigation.

The release further stated that other bank systems and operations were not impacted, including computer firewall and its core systems. Moreover, the phishing incident was only restricted to information in those two email accounts.

Orrstown Bank said that not all but over 50,000 customers got impacted by the email phishing attack, and they have already contacted the affected individuals. The bank is further offering free identity and credit monitoring services for the next two years to the impacted individuals. However, no evidence has been found which can prove that the customer information was misused.

Thomas R. Quinn, Jr., President and CEO, said that they regret the inconvenience caused to the customers because of the phishing incident. Quinn added that "we have no evidence of any fraud or misuse of any information as a result of this incident. However, we are a community bank, and we are contacting every customer and business that may have been impacted out of an abundance of caution".

The bank further said that the customer's security for them is supreme most, and they consider the security breach a very serious issue. He also added that they have adopted additional measures, like enhancing training programs for its employees and customers to recognize and avoid phishing attacks, in order to prevent incidents of this kind in future.

The bank has issued a customer care representative number, so as to solve queries and provide required information to the customers.

» SPAMfighter News - 9/13/2018