ORX News digests of the Month: Q2 2018

Every month the ORX News team publishes a featured digest from the ORX News service. It's a detailed look at one of the operational risk losses reported in the media that month, and is handpicked by the team as one of the most interesting stories.

Read on for all the featured summaries from Q2 2018.

June's digest summary

In June 2018, two individuals pleaded guilty to defrauding Langley Federal Credit Union of at least $130,700 using information stolen from the US Office of Personnel Management in a data breach announced in June 2015.

The OPM suffered two related data breaches involving the records of approximately 22.1 million individuals, including people who underwent background checks for security clearances. The stolen information included full names, birth dates, homes addresses and social security numbers. US prosecutors determined that the information of at least six victims of the data breach was used to fraudulently apply for personal and vehicle loans from LFCU over a period of six months. LFCU subsequently issued the loans without determining that the information had been stolen and transferred the personal loans to LFCU accounts opened through the fraudulent applications.

This is the first case of fraud using information acquired from the OPM data breach that the US Department of Justice has publicly disclosed.

May's digest summary

The data of around 90,000 customers of Bank of Montreal and CIBC’s Simplii Financial has allegedly been stolen by hackers and is being held for a ransom of $1m, which is to be paid in the cryptocurrency Ripple. The hackers claimed they used an algorithm to gain partial access to customer accounts, allowing them to pose as customers who had forgotten their passwords and from there change security questions to gain full access. The data includes names, account numbers, passwords, social security numbers and account balances. 

April's digest summary

Samsung Securities has erroneously paid its employees 2.83 billion shares worth KRW 112.6 trillion (approximately USD 105 billion, EUR 85 billion) rather than a total of KRW 2.83 billion in dividends.

Samsung Securities runs an employee stock ownership plan, through which the firm pays dividends to its employees. Yonhap News reports that the error occurred when transferring dividend pay-outs into employee accounts. The firm intended to pay dividends of KRW 1,000 per share for 2,831,620 shares owned by employees, for a total of KRW 2.83 billion. However, the trader responsible for the transaction typed “share” instead of “won”, paying 1,000 shares per share, Korea Joongang Daily reports. The transaction was approved at around 09:00 KST on 6 April 2018 and 2.83 billion shares of Samsung Securities worth KRW 112.6 trillion were sent to employees.