US Bank Data Breach (stolen server)

I need help understanding how this could happen?

4 Likes

Someone walks in and pretends to be an external person that is supposed to “fix” something, yanks the server, then they walk out.


My IT Security instructor literally did this when all of us were overthinking how to secure a server.

8 Likes

The thief was an employee or contractor, but they won’t say that because of potential liability and insurance reasons.

Banks are highly regulated. Even non-regulated industries generally have sign-in and biometric locks to prevent unauthorized datacenter access. There’s near zero chance this was just some rando walking in and grabbing stuff.

4 Likes

Just to show how easy it can be.
https://youtu.be/JsVtHqICeKE&t=3m8s


@Whizdumb Opens for me, but had it time stamped. 3 min mark is my point. But do recommend watching it fully.
3 Likes

“We are so highly secured, nobody can just take a server off the pile”

That is what Vattenfall said after the main transformer caught fire and the main cooling pumps had a hiccup.
Nuclear power plants are so safe, this can’t happen to us! Well, it did.

1 Like

Your link is a 404 error. Hope you exported the video.

I edited the link and I found it… Watching it now.

2 Likes

“how is this possible?”

In addition to that video, look up “encryption at rest”, “insider risk”, “multi-party authorization”.

3 Likes

Reading the screenshot highlighted section and article: it looks like someone took an office laptop or computer.
Not talking about a datacentre or on-site server or specially secured device, but an office machine.

I don’t know what the regulations are in the banking sector, but working in a somewhat related field, I am wondering if the issue is not with the machine to have (as previously already mentioned) disk encryption and why it had personally identifiable information stored on disk at all.
Guess it was some Excel spreadsheets for legacy reasons because some online system is not yet migrated (since years) and disk encryption was disabled due to helpdesk accessibility issues during the current pandemic.

It’s much, much easier than you’d imagine. Lots of companies, even large ones, you can easily just take a server and walk out with it.

1 Like