An intruder broke into the online banking system of Suffolk County National Bank in November and accessed the login credentials of 8,378 customers, bank officials disclosed this week.
The intrusion into a computer server hosting SCNB's online banking system was discovered Dec. 24 through an internal security review, according to a statement issued by the bank's parent company, Riverhead, N.Y.-based Suffolk Bancorp. The unauthorized access occurred between Nov. 18 and Nov. 23.
The bank immediately isolated and rebuilt the compromised server and has taken additional steps to secure the data on it, officials said.
SCNB said it hasn't found any evidence of unauthorized access to online banking accounts. "We haven't received any reports of unusual activity or financial loss," Douglas Ian Shaw, corporate secretary at Suffolk Bancorp said in an interview Wednesday.
He said the company will not disclose technical details about the intrusion other than what law enforcement may decide to release at a later point in time. The bank has hired outside forensics experts to help with the investigation into the incident.
"The security of customers' information is of utmost importance to SCNB," J. Gordon Huszagh, president and CEO at Suffolk Bancorp, said in a statement. "While we know that our diligence in this regard allowed us to uncover this incident, and to take action rapidly to protect our customers, we also recognize that the provision of financial services over the Internet requires our dedication to continuous monitoring and security."
The bank said it already had a project underway to improve its online banking service and that the improvements included security enhancements.
Suffolk Bancorp advised investors that it booked approximately $351,000 in the fourth quarter of 2009 to account for possible expenses related to the incident.
The number of customers affected by the breach represents less than 10% of SNBC's total customers, the bank said. The bank has 29 offices in Suffolk County.