NY Bank Regulator Alerts Bank Of Breach

New York’s top banking regulator, Benjamin Lawsky, has taken the unusual step of issuing an alert after a laptop containing bank customer data was stolen from a banker’s car in January.

Pioneer Bank in Troy, N.Y., notified authorities on Feb. 23 of the Jan. 26 theft of the laptop, which contained “personal information of certain customers, including names, Social Security numbers, street addresses, and account and debit card numbers,” according to a letter the bank sent to some customers in late February. The bank also said it had no indication that the customer data had been accessed or misused, and that it didn’t include all customers, according to the Albany Times Union.

The bank didn’t say how many customers’ data was on the stolen laptop or whether the data was encrypted.

But 10 days after the bank reported the theft, Lawsky’s Department of Financial Services (DFS) issued an alert and recommended that bank customers monitor their credit card and bank statements, consider asking credit monitoring agencies to place a fraud alert on their files, and be on the alert for phishing and other scams.

“We strongly encourage Pioneer customers who think they may have been affected to take the necessary steps to safeguard themselves from any potential damage to their financial lives,” Lawsky said in a prepared statement on Thursday (March 5). “This is the latest in a string of breaches of sensitive customer information that further underscores the need for strong information and cybersecurity standards within financial institutions.”

It’s not clear why Lawsky’s department issued the alert, which it hasn’t done in past breach cases, especially after the breach had already been publicly reported.

However, the DFS said it was in the process of its own investigation of the breach, which means it has information on the affected customers that hasn’t been made public. The $820 million-asset Pioneer is also headquartered not far from the state capital, which may have raised concerns that stolen information could be used in attacks on state government systems.

Lawsky also recently revealed several new DFS initiatives to beef up bank security in a Feb. 25 speech at Columbia Law School, in which he said the department planned to add cybersecurity assessments to its bank examinations, require security warranties from banks’ third-party vendors, and consider mandating the use of multi-factor authentication at New York banks.