The American Bankers Association, the financial-industry lobbying giant that wants laws forcing retailers to improve data protection, made two announcements Thursday: It’s observing National Cybersecurity Awareness Month. And hackers have breached its system.
“ABA has learned that e-mail addresses and passwords used to make purchases or register for events through aba.com’s shopping cart have been compromised,” the organization wrote in an e-mail to people who’ve used the online checkout system. “Like the banks we serve, ABA takes data security very seriously. We also recognize that despite significant security measures, breaches can and do occur.”
A spokeswoman for the ABA confirmed the e-mail’s contents.
The incident may turn out to be relatively minor compared with the troves of sensitive information such as credit-card numbers that some big retailers have lost by the millions over the past few years. The ABA said that in its case, at least 6,400 records comprising shopping cart user names and passwords were posted online.
“We have seen no evidence that the hacker has also accessed credit-card or other personal financial information but will advise you immediately if we learn otherwise,” the ABA said. The organization has opened an investigation and isn’t aware of any fraud tied to the incident, it said.
In the other announcement, the ABA said it will raise consumers’ and entrepreneurs’ awareness of cybersecurity during October by providing tips and other resources for preventing, identifying and reporting breaches.
The group also has a web page focused on its policy positions for improving safeguards for shoppers. It wants Congress to pass legislation holding retailers and others to “high, uniform, nationwide standards for safeguarding sensitive customer information” -- akin to the obligations banks have had for years to guard financial information. And it advocates that those responsible for breaches be responsible for costs.