South African bank to replace 12m cards after employees stole master key | ZDNet
Postbank says employees printed its master key at one of its data centers and then used it to steal $3.2 million.
Postbank, the banking division of South Africa’s Post Office, recently reported that a rogue employee stole 36-digit master keys used to protect the bank’s systems. The result: 25,000 fraudulent charges valued at 56 million Rand (3.2 million US dollars), plus a cost of 1 billion Rand (58 million US dollars) to replace all credit and ATM cards issued by the bank.
Chris Hickman, chief security officer at digital identity security vendor Keyfactor, says:
“This event serves as a great reminder of the catastrophic consequences even a single compromised key can cause for an organization. Most organizations lack the tools, focus, skillsets and budget to effectively manage cryptographic keys. However, every organization needs to be looking for every key so that it can be managed and audited. Rarely do breaches and compromises happen to assets that are constantly monitored and watched; it’s those assets not being managed that most commonly lead to breach. Proper key management has risen past the level of simply serving as a checkbox on a security questionnaire. It is, and will continue to be, a business-critical, strategic initiative. Put simply: the investment in key management is a drop in the bucket compared to the business, brand and financial cost of a breach or compromise.”