Texas-chartered Frost Bank has detected an instance of unauthorized access that might have exposed the images of some electronically stored checks.
Frost, which is one of the largest banks in Texas at 139 branches across the state, detected the security incident in March 2018.
According to a statement published on its website, the event involved someone gaining unauthorized access to a third-party lockbox software program. This program facilitates the operation of a lockbox by which customers send check payments to a central post office box. At that location, the bank receives each customer’s payment and credits it to their account.
In gaining access to the software program, the unknown parties acquired the privileges necessary to copy and view electronically stored check images. Attackers could in turn use those images to forge checks.
The Bank discovered this intrusion using “enhanced detection measures” and subsequently blocked the unauthorized access from continuing. Looking into the matter, it’s determined that the incident likely affected 470 corporate customers who use the electronic lockbox.
Among those affected by the incident is the City of Corpus Christi, which maintains three commercial banks with Frost Bank. Those include accounts that support the municipality’s emergency medical services and utility payment processing system.
Constance P. Sanchez, Finance Director for city, is warning users to pay attention to their bank accounts while the Corpus Christi government awaits to learn more from Frost. As quoted by KRISTV.com:
We know very little at this time about the investigation being conducted by the FBI and Secret Service regarding the Frost Bank security breach. We want our customers to monitor their bank accounts as a precaution. At this time, we do not know the extent of the breach or if any of our customers are impacted.
In the meantime, Frost’s CEO Phil Green has apologized for any inconvenience caused by the unauthorized access and said he and others “are working very hard to make things right.”
The incident is not believed to have affected Frost’s internal operating systems.
At this time, the Bank is working with law enforcement to further shore up its systems.
News of this possible disclosure follows a month after reports broke that digital attackers abused the SWIFT system of an Indian bank in an attempt to make off with approximately $2 million in stolen funds.