Over the years there have been numerous cases in which merchants have had their computer systems hacked, with customer information (including valid credit card numbers) having been stolen.
And there have been cases where individuals have had their computers hacked (or they’ve responded to phishing emails) and had their personal financial resources (e.g. bank accounts) drained.
Have there been cases in which a major financial instititution (e.g. Vanguard Investments, Bank of America, T. Rowe Price, etc.) had their systems hacked with numerous customer accounts being drained away?
“Major” will be a subjective term, but the point is that I’m looking for a case in which the main victim was a business whose primary activity was managing money rather than selling goods.
Back when our company first experimented with transferring data electronically from our payroll system to the bank (early to mid 90’s) the large Canadian banks still had a process where we transmitted data to a contractor company who then walked the IBM Mainframe reel-to-reel tape across the street to the bank. Even in the wild west days of internet, the banks unlike a lot of other institutions were aware of the dangers of unlimited dial-up/internet access to their computers.
Plus banks stuck with IBM Mainframes well past when university types with long hair were installing unix machines everywhere, the favourite hacker target.
There was a case I recall about some fellow who was a consultant on interbank transfer software, and figured out how to inject his own transfers into the system. When they caught him, he had transferred the money to Switzerland and bought a bag of diamonds from the Soviets. The funny thing was, the feds sold the diamonds (for restitution) for a lot more than he paid, so they made a profit on the deal.