Robert McMillan identifies problems banks face in incidents such as two previously covered on this blog – a Sovereign Bank incident and a PenFed incident:
…. According to experts, Sovereign’s decision to investigate the situation and then notify customers is probably more cautious than most.
The problem is that it’s often unclear whether hackers were able to access sensitive data.
In some companies — especially in smaller companies in less-closely regulated industries — IT staff coming across a hacked computer may simply wipe the system and set it up anew from scratch, unaware of any regulatory obligation. It takes a careful forensic audit to even have a chance of figuring out when the malicious software was installed, and whether it was used to access sensitive data. But even if there’s a forensic assessment, figuring out whether data has really been accessed can be a matter of guesswork. “There’s no right answer,” said Alan Cox, a principal research analyst with network monitoring company Netwitness. “It’s typically handled on an incident-by-incident basis.”
Read more on PC World. Bob reports that the Sovereign breach affected at least 50 customers.