https://www.zdnet.com/article/south-african-bank-to-replace-12m-cards-after-employees-stole-master-key/
By Catalin Cimpanu
Zero Day
ZDNet.com
June 15, 2020
Postbank, the banking division of South Africa's Post Office, has lost more
than $3.2 million from fraudulent transactions and will now have to replace
more than 12 million cards for its customers after employees printed and then
stole its master key.
The Sunday Times of South Africa, the local news outlet that broke the story,
said the incident took place in December 2018 when someone printed the bank's
master key on a piece of paper at its old data center in the city of Pretoria.
The bank suspects that employees are behind the breach, the news publication
said, citing an internal security audit they obtained from a source in the
bank.
The master key is a 36-digit code (encryption key) that allows its holder to
decrypt the bank's operations and even access and modify banking systems. It is
also used to generate keys for customer cards.
[...]
--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
