National Bank of Blacksburg lost $2.4 million as hackers used phishing emails to break into the bank in two separate cyber intrusions over an eight-month period.
According to a lawsuit filed last month in the western district of Virginia, a phishing email received by one of its staffers planted a malware that helped the criminals to remotely control a workstation which had access to First Data’s Star Network for card payments. Modifying and removing the security measures, the hackers used hundreds of ATMs across the US to steal funds from customer accounts, leading to a loss of more than $560,000.
Though additional security protocols called the Velocity Rules, were rolled out, hackers again gained access to the bank’s systems through a phishing email eight months later to steal more than $1.8 million.
The Virginia bank is now suing Everest National Insurance Company as the coverage for both attacks were denied under the C&E crime rider, asserting that they were covered by the debit card rider.
The bank argues: “But for this unlawful hacking and the intrusions into its computer systems, National Bank would not have suffered any losses,” adding: “Critical to this Court’s analysis of National Bank’s claims, none of the losses arise from a National Bank customer’s debit card being stolen, or from their debit card information being stolen directly from a National Bank customer’s possession without their knowledge or permission.”