Attack Information

WHID ID: 

2008-36

Date Occured: 

10 Nov 2008

Attack Method: 

Unknown

Outcome Information

Outcome: 

Leakage of Information

Outcome: 

Monetary Loss

Target Information

Attacked Entity Field: 

Finance

Attacked Entity Geography: 

USA

Update (Feb 4^th 2009): While RBS reported that just 100 cards where abused in the incident, the news now surfaced, that those cards where heavily abused as the hacker managed to lift the withdrawal limit and distribute the card copies around the world so that in total 9 million dollars where withdrawn from them in a matter of hours before they where blocked. At least, as the saying goes, losing a $100 is your problem; losing a million is the banks.

---

The Royal Bank of Scotland (RBS) confirmed that a hacker perform a "sophisticated cyber intrusion" on RBS WorldPay Unit web site. 1.5 Million credit card numbers and 1.1 million social security numbers may have been stolen.

At this time the only abuse known is a fraudulent use of about a 100 reloadable cards, which are used by companies to pay their employees.

Additional information:

• Company press release, December 23rd 2008
• Internet News, December 24th 2008