PNC apologizes to those caught up in efforts to thwart cyberattacks
By Alex Nixon
Published: Friday, Jan. 4, 2013, 10:36 a.m.
PNC Bank apologized to customers blocked from its website in recent weeks, acknowledging its action to fight hackers' cyber attacks might have contributed to the problem.
Downtown-based PNC emailed customers on Thursday night to explain that it tried to block high volumes of traffic directed at its website during denial-of-service attacks.
“In some cases, those measures also may have blocked access to a small percentage of legitimate PNC customers for an extended period,” the bank wrote. “We sincerely apologize to those affected.”
The email went to 5 million customers, but spokeswoman Marcey Zwiebel would not specify how many customers were blocked.
PNC has been hit with occasional denial-of-service attacks since a hacking group issued a Dec. 10 warning that it planned to assault several large U.S. banks. The group, calling itself Martyr Izz ad-Din al-Qassam Cyber Fighters, hit PNC and other banks in September.
Izz ad-Din al-Qassam is the name of an armed wing of Hamas, the militant Palestinian political party.
The September attack crippled PNC's website for two days. The bank's CEO, James Rohr, told CNBC in October that the assault “pummeled” the bank.
“We had 38 straight hours of attacks on our systems, and we had the longest attack of all the banks. They just pummeled us,” Rohr said.
The Cyber Fighters group, which some Internet security experts and government officials have said likely is based in Iran, posted a message online on Jan. 1 claiming responsibility for recent attacks and said they would continue.
“Rulers and officials of American banks must expect our massive attacks!” the message on Pastebin.com stated. “From now on, none of the U.S. banks will be safe from our attacks.”
The message refers to the attacks as Operation Ababil, named for an Iranian-made unmanned aerial vehicle, or drone. The Cyber Fighters group claimed on Jan. 1 that it had attacked J.P. Morgan Chase, Bank of America, Citibank, Wells Fargo, U.S. Bancorp, PNC, BB&T Corp., Suntrust Bank and Regions Financial Corp. in recent weeks.
Denial-of-service attacks overwhelm a website with traffic from thousands of computers infected with a virus. That prevents legitimate users from gaining access.
PNC said the attacks have not affected customers' financial and personal information.
“Please be assured that PNC's website is protected by sophisticated encryption strategies that shield customer information and accounts,” the bank stated.
Among those caught in PNC's efforts to thwart the attacks was Chris Irwin, 31, of Cleveland, who on Friday said he was blocked from the bank's website for three days.
Irwin began experiencing problems on Monday. He was able to log on to the website the next day, but since Wednesday has not gained access.
“I can't even get their website up,” said Irwin, a PNC website user for years. “It just shows some kind of timeout error whenever I do it.”
Many PNC customers took to the bank's Facebook page to complain.
On Friday, PNC stated in a Facebook post that it was aware customers were experiencing trouble.
“That is why we are communicating directly and separately with our customers to help address specific concerns,” PNC said.
Alex Nixon is a staff writer for Trib Total Media. He can be reached at 412-320-7928 or firstname.lastname@example.org.
Show commenting policy
TribLive commenting policy
You are solely responsible for your comments and by using TribLive.com you agree to our Terms of Service.
We moderate comments. Our goal is to provide substantive commentary for a general readership. By screening submissions, we provide a space where readers can share intelligent and informed commentary that enhances the quality of our news and information.
While most comments will be posted if they are on-topic and not abusive, moderating decisions are subjective. We will make them as carefully and consistently as we can. Because of the volume of reader comments, we cannot review individual moderation decisions with readers.
We value thoughtful comments representing a range of views that make their point quickly and politely. We make an effort to protect discussions from repeated comments either by the same reader or different readers.
We follow the same standards for taste as the daily newspaper. A few things we won't tolerate: personal attacks, obscenity, vulgarity, profanity (including expletives and letters followed by dashes), commercial promotion, impersonations, incoherence, proselytizing and SHOUTING. Don't include URLs to Web sites.
We do not edit comments. They are either approved or deleted. We reserve the right to edit a comment that is quoted or excerpted in an article. In this case, we may fix spelling and punctuation.
We welcome strong opinions and criticism of our work, but we don't want comments to become bogged down with discussions of our policies and we will moderate accordingly.
We appreciate it when readers and people quoted in articles or blog posts point out errors of fact or emphasis and will investigate all assertions. But these suggestions should be sent via e-mail. To avoid distracting other readers, we won't publish comments that suggest a correction. Instead, corrections will be made in a blog post or in an article.
- Teach your engine well
- Wake up and smell the bacon app
- JPMorgan whistle-blower gets $64M for mortgage fraud tips
- Employers nationwide added 175K jobs despite harsh weather
- Natural gas industry buoyed by advancing technology
- Silicon ‘Valley of haves, have-nots’
- Google barge departs San Francisco to new home
- Disney to lay off 700 from interactive unit
- Winds of war hurt stocks
- Staples to shutter 225 stores as sales move online
- ADT settles deception charges