Use This RBS Worldpay News Report For Training

On November 8, 2008 more than 130 ATM machines in 49 cities throughout the world were hit by a group of cybercriminals during a 30-minute period.


The ATM machines were all part of the RBS Worldpay system. The company put out a press release about this gigantic breach on December 23.
On February 2 the Fox news did a pretty nice follow-up report about the breach; you can see it here.
The hacker(s) lifted the limits on the ATM cards, and stole $9 million dollars through 100 cards during that 30-minute period.
Take your legal, privacy and information security leaders into a room and provide a training session that involves showing them this film, and then follow it by discussing the possible ways in which the hack occurred, and the points within your own organization where you could be vulnerable to a similar hack.
Even if your organization does not have ATM systems, the concepts involved apply to all types of networks, and discussing them together with key players in your organization will help to raise their awareness and understanding of how important information security controls are to preventing privacy breaches, as well as for being in compliance with your organization’s application data protection laws.
Some questions to ask…

  • How was the hacker(s) able to lift the limits?
  • What security controls should have been in place to prevent such a hack?
  • What controls are in place to protect your organization’s customer information?
  • What types of intrusion detection systems could help detect such an attempt into a system?
  • What types of audit logs should be generated on systems?
  • Etc…

Leave a Reply