Commerce Bank says hacking damage was limited

October 10, 2007

By Jeremy Kirk, IDG News Service

A regional bank in the U.S. said it was able to deflect most of a hacking attempt on its database, but not before some customer information was divulged.

Commerce Bank, which operates banks in five U.S. states, said Tuesday that a hacker gained access to a database with about 3,000 customer records and accessed data belonging to 20 of them. The bank is contacting those who may have been affected.

The hacking was quickly detected and stopped, according to Commerce Bank, which then notified law enforcement.

It wasn't clear how the hacker accessed the bank's database. A common method is by passing malicious data through Web-based forms, known as a SQL (Structure Query Language) injection, which can force the database to reveal other information it holds.

Hackers often look for vulnerabilities in bank and e-commerce Web sites that will allow them to tap into their back-end databases.

Commerce Bank is a subsidiary of Commerce Bancshares, a regional bank holding company.

main page ATTRITION feedback