PNC apologizes to those caught up in efforts to thwart cyberattacks
PNC Bank apologized to customers blocked from its website in recent weeks, acknowledging its action to fight hackers' cyber attacks might have contributed to the problem.
Downtown-based PNC emailed customers on Thursday night to explain that it tried to block high volumes of traffic directed at its website during denial-of-service attacks.
“In some cases, those measures also may have blocked access to a small percentage of legitimate PNC customers for an extended period,” the bank wrote. “We sincerely apologize to those affected.”
The email went to 5 million customers, but spokeswoman Marcey Zwiebel would not specify how many customers were blocked.
PNC has been hit with occasional denial-of-service attacks since a hacking group issued a Dec. 10 warning that it planned to assault several large U.S. banks. The group, calling itself Martyr Izz ad-Din al-Qassam Cyber Fighters, hit PNC and other banks in September.
Izz ad-Din al-Qassam is the name of an armed wing of Hamas, the militant Palestinian political party.
The September attack crippled PNC's website for two days. The bank's CEO, James Rohr, told CNBC in October that the assault “pummeled” the bank.
“We had 38 straight hours of attacks on our systems, and we had the longest attack of all the banks. They just pummeled us,” Rohr said.
The Cyber Fighters group, which some Internet security experts and government officials have said likely is based in Iran, posted a message online on Jan. 1 claiming responsibility for recent attacks and said they would continue.
“Rulers and officials of American banks must expect our massive attacks!” the message on Pastebin.com stated. “From now on, none of the U.S. banks will be safe from our attacks.”
The message refers to the attacks as Operation Ababil, named for an Iranian-made unmanned aerial vehicle, or drone. The Cyber Fighters group claimed on Jan. 1 that it had attacked J.P. Morgan Chase, Bank of America, Citibank, Wells Fargo, U.S. Bancorp, PNC, BB&T Corp., Suntrust Bank and Regions Financial Corp. in recent weeks.
Denial-of-service attacks overwhelm a website with traffic from thousands of computers infected with a virus. That prevents legitimate users from gaining access.
PNC said the attacks have not affected customers' financial and personal information.
“Please be assured that PNC's website is protected by sophisticated encryption strategies that shield customer information and accounts,” the bank stated.
Among those caught in PNC's efforts to thwart the attacks was Chris Irwin, 31, of Cleveland, who on Friday said he was blocked from the bank's website for three days.
Irwin began experiencing problems on Monday. He was able to log on to the website the next day, but since Wednesday has not gained access.
“I can't even get their website up,” said Irwin, a PNC website user for years. “It just shows some kind of timeout error whenever I do it.”
Many PNC customers took to the bank's Facebook page to complain.
On Friday, PNC stated in a Facebook post that it was aware customers were experiencing trouble.
“That is why we are communicating directly and separately with our customers to help address specific concerns,” PNC said.
Alex Nixon is a staff writer for Trib Total Media. He can be reached at 412-320-7928 or firstname.lastname@example.org.