Online Security Breach at Suffolk County National Bank


SCNB web 3

A hacker gained access to over 8,000 online passwords from customers of Suffolk County National Bank just prior to the holiday season, including members of the community that use the Sag Harbor branch.

On Monday, January 11, the company revealed the breach in a press release. According to the bank, Suffolk County National Bank (SCNB) “discovered through an internal security review that an unauthorized intruder accessed certain customers’ Log In information via the computer server hosting SCNB’s Online Banking system.”

According to SCNB, an investigation is ongoing and the unauthorized access occurred during a six-day period between November 18 and November 23. SCNB officials said 8,378 online banking customers were affected by the incident, amounting to less than 10 percent of the bank’s total customers.

According to Doug Shaw, a senior vice president at SCNB, not one customer has reported that their funds were used as a result of the incident and all 8,378 were notified immediately.

“To our knowledge, the information has not been used at all at this point,” he said on Tuesday.

According to SCNB, the company immediately took steps to isolate and rebuild the server the hacker gained access to. According to their press release, the company is also vigorously investigating the incident using forensic experts and has notified the New York State Consumer Protection Board, the New York State Office of Cyber Security and Critical Infrastructure, as well as all law enforcement agencies in the area.

For those affected by the breach, who were notified via first class mail about the situation, the bank has offered two years of credit monitoring for free to ensure their monies are safe despite the industry standard of six months to one year.

“We value our customers greatly,” said Shaw. “And want to ensure their security and protection.”

Investors and shareholders in SCNB possibly will face a small price for the breach as the company advised them it would need “a provision of approximately $351,000, net of taxes, or about $0.04 per share,” was booked in 2009’s last quarter” to account for expenses involved.

According to Shaw, prior to the hacker SCNB has already implemented a plan to beef up online security and efficiency in its online banking system.

“In our particular case, before this occurred we were already in the process of migrating into a new banking system that has additional security features above the prior system,” said Shaw.

He said he expects the system to be launched in just weeks, although declined to give a specific date.

“We want to give better functionality to our customers,” said Shaw. “We always strive to provide the best services.”

In a statement released by the bank, the president and chief executive officer of SCNB, J. Gordon Huszagh said, “We understand that this kind of incident is a source of concern: both to our customers, even if their personal information is not misused; and to our shareholders for the expense incurred in response. We have responded to this incident as promptly, diligently and forthrightly as we know how, and will continue to do so until it is fully resolved. We apologize for the concern, and any inconvenience caused by this incident.”



  1. It seems to me that the number of breaches are increasing. In the breach reports some of the banks go out of there way to point out that they are in compliance with the regulations. However, the regulation don’t seem to be stopping the breaches. Perhaps the regulations need to focus more on prevention.

    How about the requlators take away the bank’s ability to provide online services until they can prove that are compliant. Just a thought.

  2. The problem is with the internet browser, which will currently can be hacked at will. A paradigm shift needs to occur with how data is secured. that technology is available, but IT managers, for the most part, are reluctant to change the way they think about security.