In an unprecedented event, executives at Greece’s four largest banks have decided to cancel and replace about 15,000 payment cards (credit and debit) after a digital forensics firm confirmed that a hacker group infiltrated a travel services website.
In a joint statement, the National Bank of
Greece, Alpha Bank, Eurobank and Piraeus Bank, unveiled the measure. Although
only a few bank cards have been confirmed to have been hacked so far, banking
institutions opted for this solution so as not to leave loose ends.
Multiple details about the incident are still
unknown, such as the extent of the data breach or the type of information
compromised by the threat actors, as well as the method used. In collaboration with
and digital forensics firms, banks are expected to release more details as soon
However, local media reports, the investigation
of the incident is expected to be completed by the end of March, so we will
have to wait for more details. So far it is only known with certainty that the
compromised website provides services for booking airline, ferry, hotels, car
rental, among other tourist services. In addition, this website adheres to the
requirements of the Payment Card Industry Data Security Standard (PCI DSS).
Bank executives, as well as Greek authorities,
expect the investigation to be fruitful, which will help digital forensics
teams establish the best possible solutions to prevent these incidents from
happening again. On the other hand, the affected banks will have to collaborate
in an external investigation by the Central Bank of Greece, in collaboration
with Visa and MasterCard.
Bank executives say security measures
implemented in detecting the attack mitigated the scope, though they have not
mentioned when they will finish issuing the new cards. According to the
International Institute of Cyber Security (IICS), it is recommended at the
moment that users reset their security codes and credentials to access online
banking platforms until their new cards are ready.