ABA announced yesterday that at least 6,400 email addresses and passwords for its online shopping cart — used to purchase ABA products, training and conference registrations — have been compromised in a data breach. In a message to registered shopping cart users last night, ABA explained that there is no evidence of payment card or other personal information being compromised, and that the association is not aware of any fraudulent activity associated with the breach.
As a precaution, ABA has reset all passwords for shopping cart users and shared instructions about how to establish new ones. Members with questions or concerns can contact ABA at 1-800-BANKERS or visit aba.com/alert to view FAQs. ABA urged members who use the same password at other sites to change those passwords as well.
“ABA is working with a cybersecurity forensics company to identify the origin and full extent of this breach,” ABA President and CEO Frank Keating and Incoming President and CEO Rob Nichols said in an email yesterday. “We also continue to work with cyber information-sharing groups such as FS-ISAC to identify threats, spot breaches and respond quickly. We will keep you apprised of this investigation and what we learn.”
