July 6, 2001 2:45 PM PDT
Online financial firm hacked
While he would not discuss details of the intrusion, Paul Citarella, vice president of marketing for the Atlanta-based company, said that the attack did not affect the company's operations.
"A minor incident did occur where someone leveraged a vulnerability in third-party software to access data that they should not have," he said. "All of our banks are up and running and there has been no fraud following the incident."
The company provides software and services for financial institutions ranging in size from the goliath Bank of America to small community banks. In total, S1 has more than 1,000 customers worldwide, according to its Web site.
Citarella added that S1 has called in both the FBI and an independent security firm to investigate the matter. But a representative of the FBI field office in Atlanta said that they were not aware of the incident and were not investigating.
Details of the intrusion were first reported on security Web site SecurityFocus.
The attackers had access to a Windows NT directory that houses Web banking customers' login names and encrypted passwords, the report stated. Using "brute force" decryption techniques, a hacker could decrypt the passwords and compromise accounts.
The incident took place on June 19, according to the SecurityFocus report. Citarella would not confirm the date.