ABA Banking Journal - July/August 2015 - (Page 50)
You've Been Hacked:
How Will You
BY MERRIE SPAETH
mpErSOnATInG reporters on panels
has become one of my favorite
pastimes. After ABA's Annual
Convention last year, where I
played a reporter on a panel
examining how to handle a cyber
attack, ABA invited me to return for
its Risk Management Forum. The
scenario was similar: Your bank has
been hacked. In this mock scenario,
the institution in the hot seat was
a billion-dollar bank in the South
named Lucky Bank, and the media
outlet I represented was "UOMe" TV.
how social media platforms such as
Facebook and Twitter complicate the
communication challenge. Although
bank executives may feel they have
quite enough legal, technical and
operational issues to contend with,
communication-both internal and
external-is needed across the entire
enterprise. You will undoubtedly have
to communicate with key audiences
before you have all the facts. Typically,
you will not have any of the key facts
confirmed when you get word through
third parties or social media.
The first news of the hack came
from credit card companies reporting
that customers were complaining en
masse about unauthorized charges
and cancelled charges. A plaintiffs'
law firm-Dewey, Cheatham & Howe,
borrowed from NPR's "Car Talk"-
trolled the Internet looking for bank
customers for a class action suit, as
did a well-connected, disgruntled
blogger called Bankerbabe.
Create a timeline beginning with taking
the first phone call or reading the first
tweet. Consider how you would handle
Lucky Bank also received word that
the hackers were selling information
allowing criminals to access ATMs,
so bank personnel were physically
reprogramming ATMs outside their
branches. Internet-savvy customers
noted the workmen and posted
pictures of them on Instagram.
Bankerbabe called them to my
attention at the television station.
My role was to ask the questions the
media would ask and to illustrate
ABA BANKING JOURNAL | JULY/AUGUST 2015
the questions below after the first
hour, day or week. On social media,
you must have credible responses that
convey confidence and inspire trust.
And you'll have to deal with these
questions from reporters, customers
and the general public. If you're lucky,
the reporter or customer will call
customer service, but they may also be
trading rumors on social media.
How and when you respond to these
kinds of questions will undoubtedly
depend on your own bank, the nature
and scope of an attack and other
considerations, but grappling with the
questions will give you a snapshot of
Think about how you'll handle questions like this:
* I have heard that your bank has been hacked. Can you confirm or
* How many customers have been affected?
* What information did the hackers get? Social security numbers? What other
kinds of customer data?
* What have you told customers?
* Who's to blame?
* Are you going to change your IT or security providers?
* When did you detect the problem?
* Did you have any warning signs?
* How long were you exposed before discovering it?
* Why did you wait to announce it?
* What are you trying to cover up?
* What kind of liability do you have?
* Will you pay for credit counseling for customers?
Table of Contents for the Digital Edition of ABA Banking Journal - July/August 2015
BANKING’S APPALLING REGULATORY STRUCTURE
HOW BANK CULTURE DRIVES SUCCESS
KEY CONSIDERATIONS FOR CREATING SUCCESSFUL BOARDS
VENDOR RISK MANAGEMENT
FIVE RISKS THAT WILL SHAPE BANKING’S FUTURE
ABA COMPLIANCE CENTER INBOX
REAL ESTATE LENDING
FROM THE STATES
BANKER RECOMMENDED READING
INNOVATIONS IN SOCIAL RESPONSIBILITY
INDEX OF ADVERTISERS
ABA Banking Journal - July/August 2015