1st Source Bank breach is "source" of recent bank fraud problems Save Email Print
Posted: 5:57 PM Jun 18, 2008
 Last Updated: 11:14 AM Jun 19, 2008
 Reporter: Sarah Platt
Email Address: sarah.platt@wndu.com
65 comments
A | A | A

NewsCenter 16 is learning more about the source of a bank breach that's caused headaches for dozens of people in Michiana. As we've been reporting, many people have seen fraudulent withdrawals from their bank accounts.

On Wednesday, 1st Source Bank officials say these recent problems are related to a breach they had on May 12th. 1st Source Bank’s Jim Seitz tells Newscenter 16 that the problem can be traced back to last month, when hackers hacked into a server and stole their customers' information. Just this week, Seitz says 1st Source learned that the hackers also got away with non-1st Source customers’ numbers-- if those people used one of their ATM machines.

Local police continue to take dozens of reports on this recent string of bank fraud. As of Wednesday afternoon, here's a look at the number of some of the confirmed bank fraud reports in our area. St. Joseph County Police have taken 45 bank fraud reports. South Bend Police have taken 26 reports and Mishawaka Police have taken 14. (Note: these are just the confirmed reports to date.)

Victims, like Hollyann Tuholski, have been on the phone with their banks over the last couple days. 1st Source officials tell us the other banks involved have been alerted. “We met this morning with a group of fellow bankers and it appears all of the banks who were at the meeting had received lists and are taking appropriate action to protect customers,” says 1st Source’s Jim Seitz.

“I don't feel bad about doing any of this, creates a lot of work, but I'm willing to do it as long as we can figure out where breach happened and prevent it from happening again,” says Hollyann Tuholski, a bank fraud victim.

If you have a fraud issue, police are encouraging people to not only contact their banks, but file a police report as well.

To prevent future identity theft and fraud, 1st Source Bank customers were issued new cards this month. Meantime, bank officials say the hackers/thieves didn't get any personal information from the non-1st Source Bank customers who were exposed in this incident.
More Stories
Niles complaints sent to Congress

Local Republicans discuss convention wrap-up

Granger construction worker knocked out by lightning

Four-day work week expands in LaPorte County

 Local hospitals hurt by abuse of the emergency room system

Graffiti on display at I.U.S.B.

Kati pleads guilty to killing bar security guard

Budget cuts concerns in county departments
Post Your Comments
First Name:
Location:
Enter Comments: characters left
Email (optional):
Email will not be displayed on site. For station contact purpose only.
Read Comments
Comments are posted from viewers like you and do not always reflect the views of this station.
Posted by: Kevin Location: South Bend on Jun 30, 2008 at 03:18 PM
I did to make the post below, the other Kevin is the imposter! I was the only level headed thinker, and the rest are trolls
Posted by: Kevin Location: South Bend on Jun 24, 2008 at 12:18 AM
I didn't put in the last comment. Someone is having some fun. I guess people are not really discussing the issue any more and are attacking people instead. Thanks for those that think in a level headed way.
Posted by: Count Basi Location: East Side on Jun 23, 2008 at 03:48 PM
Hey Kevin, Can you also whistle Dixie while toot-n your own horn? Rocky & Bullwinkle could use you for Mr. Know-it-all.....
Posted by: Lou Location: South Bend on Jun 23, 2008 at 03:06 PM
So what language are you using Bill? It certainly isn't English, given all of the misspelled words. You must be a product of our wonderful public school system.
Posted by: Kevin Location: South Bend on Jun 23, 2008 at 01:21 PM
I want you to all bow down and kiss my feet. I do know it all about network security, and you have proven again that you all know nothing.
Posted by: 1st source customer Location: Elkhart on Jun 23, 2008 at 12:08 PM
FYI your card does close once you activate the new one! I did mine and it worked closed the old one. I applaud 1st source for trying to help its customers! This same thing has happened at other banks and they never told their customers, at least 1st source cares enough to tell us! My other bank didnt. The Elkhart Truth has a great article on this situation, they tell the facts about the other banks this has happened to. Things happen. Your account is secured, you get reimbersed for the stuff taken out. Be patient, stop being rude.
Posted by: stay at home mom Location: south bend on Jun 23, 2008 at 11:57 AM
Sick of the Ignorance- I know because I was a teller and I also worked in the back end where the processed att the work for the bank at night. I KNOW my info is out there, I'M not IGNORANT. I will stay at home and cook and clean, but I will NEVER "hush up". That is why I vote for that freedom.
Posted by: Anon Location: Here on Jun 23, 2008 at 06:43 AM
There you go again, Kevin, making up facts... how do you know I bank with them? I am just making the simple point that just because you were a customer once does not mean that you know what goes on behind the scenes. Sounds like you are in that evening computer class program and just aching to spread your "knowledge". My money is safe and sound, I am not angry at all. I just prefer that people not pass themselves off as experts when they so obviously aren't, yet still come here to lecture and pass judgement.
Posted by: Glen S Location: Mishawaka on Jun 22, 2008 at 06:53 PM
Welcome to the new cashless society where your money can go poof in an instant without a why or how. I never use cards--always cash only. I never keep money in the bank either just the min to keep the account open for deposits then i take it out and take it home to my 375 pound safe.
Posted by: James Location: South Bend on Jun 21, 2008 at 07:00 PM
Who needs banks, I keep my money under the mattress.
Posted by: Todd Location: South bend on Jun 20, 2008 at 09:10 PM
M. David...all stores use credit card machines typically provided or leased from their bank who does the processing to the stores account. That is how this happens. As far as First Source being the only bank where a person answers a phone is a lie. Mine does as well.
Posted by: Kevin Location: South Bend on Jun 20, 2008 at 12:21 PM
Anon sounds agry, you should focus your energy on the topic at hand, which is network secrity related to banks. For your information I work in network security and do know many things related to this topic. As a former 1st Source Bank customer, I can tell you they were 5 to 8 years behind in technology. It's not surprising they got hacked, but it shouldn't be excepted. People who are lazy and want to right it off as "everyone gets hacked", deserve 1st Source Bank. So stay with them, and keep your lazy head in the sand.
Posted by: Anon Location: Here on Jun 20, 2008 at 10:29 AM
Kevin is an idiot. Sounds like you are berating us for googling the THOUSANDS of stories about hacking onto banks and then making assumptions about what servers and security the bank has. You are doing exactly what you are preaching NOT to do- lazy research? At least we did some and did not just throw a random comment out there. "Wake up", Kevin! You pass yourself off as all-knowing, but you sure have a lot of "ifs" in your comment, don't you, pal?!
Posted by: Sick Of the Ignorance Location: Mishawaka on Jun 20, 2008 at 10:13 AM
Stay at home Mom...evidently your clueless also. If you worked there, than how in the world can you know what they did on the back end. Banks get hacked, just like stores, Visa, Mastercard. Your information is out there, because we all have a card of some sort. Even the library has our information. So, stay at home, cook and clean and hush up.
Posted by: Kevin Location: South Bend on Jun 20, 2008 at 08:28 AM
Hey M, Did you everthink that when you use your card at Martin's it is process by someone, maybe 1st Source? It would make sense if Martin's does it's business bank with 1st Source. In the end it call comes back to their incompetence.
Posted by: Kevin Location: South Bend on Jun 20, 2008 at 08:12 AM
Once again we get this nonsense about this is the way things are from people who don't know much about Internet security. Sure other banks get hacked. But not all, and not as much as a google search might show. Anyone using Google searches for actual research is a lazy researcher. You need to find actual numbers, not news stories. Banks know what needs to be done to secure a network connection. If they don't they shouldn't be connected to the Internet. They know that installing cheap Windows bases servers are easily hacked. But they don't want to spend the money to either harden them or hire the security personel to run the Internet connection. Maybe someone should be asking if this was preventable. That is the real question. If it was, then they were obviousely degligent. Wake up people, it is not OK to give 1st Source a pass. Though I expect many of these comments in 1st Source's defense is coming from employees.
Posted by: TheTruth Location: Mishawaka on Jun 20, 2008 at 07:17 AM
ROBIN, YOUR LYING...where in the world did you get that type of nonsense from. They do not charge you, in fact, 1st Source is the ONLY bank who have PEOPLE actually answer the phone.
Posted by: Bank Employee Location: Anonymous on Jun 19, 2008 at 09:48 PM
I made a comment yesterday that WNDU did not post, so I will not make the same comment. I have been in banking over 20 years and half or three quarters of that time have been in credit card and merchant processing. I am very familiar with the operations in banks from front end to back end,(credit cards & deposit operations), and I have some gut instincts about what probably happened, but I will not say, because I don't know everything. If my instincts are correct,it would not good enough to stand up in a courtroom if you know what I mean. With that being said, most of you are likely way off base. No offense intended, but be rest assured that every bank around here this effected, is not taking this lightly. There is a lot more concern from banks than most of you think, and this was a well thought out plan from individual(s) that had a strong enough will and/or strong enough way to make it work with intentions to financially cripple or hurt a lot of people.
Posted by: Todd Location: South Bend on Jun 19, 2008 at 08:25 PM
National City was awesome. They called me and said there my card was in jeopardy and canceled it right away. No money taken. I will get a new card in a week or two. That is awesome customer service. I highly recommend them as a customer of four years.
Posted by: Max Location: South Bend on Jun 19, 2008 at 08:21 PM
All of you who are critical have obviously never had to investigate and respond to something of this nature. It's huge! You are ignorant "back seat" drivers who don't have a clue what you are talking about. Please get educated, then we'll listen. I personally feel badly for 1st Source. This can and will happen to the other banks in the future. Anyone who thinks otherwise is foolish. Google "bank data breach" and you'll be amazed how prevalent this is. Unfortunately this is a sign of our times and the tip of the iceberg.
Posted by: John Location: Elkhart on Jun 19, 2008 at 07:50 PM
In response to "why should retailers be held accountable? take care of your own info." At some point you have to give your info to someone else, or swipe it through a reader to make a purchase, from that point on your info is out of your control. In my case the card # they stole we used very infrequently and only at about 3 trusted retailers. The thieves made a duplicate card and made their purchases in person in the stores. I feel that my info was controlled very well but it only takes one unhappy or greedy employee at a retailer that you do buisiness with to copy your card number, make a card, and start using it. And for the record the retailers that we called did give the info but did so reluctantly and were quite rude and told us that our bank sholud be calling them, and when our bank called them they were told that the card holder should be calling. I bet I could sign "Daffy Duck" on the back of my credit cards and no retailer would even notice.
Posted by: M Location: Granger on Jun 19, 2008 at 05:36 PM
I think that everyone is missing the fact that this HAPPENED AT MARTIN'S SUPERMARKET. I do not bank at 1st Source and have never used their ATMs. I used my debit card at Martin's this weekend at the supermarket checkout lane, and my Nat City account got dinged for almost a grand. 1st Source handles the credit/ debit transactions for Martin's and they ALL MUST KNOW ABOUT THE BREACH. Martin's has a duty to its customers to announce publically that they have lost PIN and card information. Perhaps WNDU should send a reporter over there and ask around. I get it that 1st Source is a second rate bank and perhaps has some criminal culpability here. But how about my local grocery store??? Just waiting for this to blow over. NICE!!!!!!
Posted by: Former Customer Location: SB on Jun 19, 2008 at 03:24 PM
The management team at 1st source are a bunch of old, middleaged, white men. Who think they new more then they do. They don't listen to customers, they only care about filing there own pockets. You loyal 1st source customers are naive about their dedication to customer service and safty. The obviously installed an unsecure, train wreck of a system. Then they poorly protected it through incompetence and blamed the whole think on "well everyone gets hacked", like it's just the norm. Well it's not, and should not be excepted my we the customer. I like how they have Jim Seitz out there speaking about this, when the CEO, Mr. Murphy, should be making a public statement on what is being done to ensure this never happens again. And who was at fault for all of this mess.
Posted by: All gone Location: Elkhart on Jun 19, 2008 at 02:00 PM
I agree, 1st Source does need to pay for what has happened. I know that I am one of many that doesn't have access to money to hold me over until my money is put back into my account. It was 1st Source's responsibility to at least make it known that non-customers may have been effected also. I used their ATM at one of their banking centers in good faith. How do you explain to a child that all the grocery money is gone at this time? Not to mention that the companies you owe money to on a monthly basis don't care that this has happened. As of today, Wells Fargo can't tell me when I'll have my money and I did everything I was supposed to; police report and notified them immediately Sunday night. I'm guessing that the executives at 1st Source aren't stressing about how they are going to take care of their families right now because all their money is gone.
Posted by: Puzzled Location: South Bend on Jun 19, 2008 at 01:13 PM
It stinks that this happens. Blaming the bank instead of the criminal seems insane. Good hackers can get around even the most sophisticated systems. Web security teams spend countless hours trying to find ways that hackers can get in and then patching any breeches they find. It'd be one thing if no barriers were in place, but they try the best they can to keep people out. Those of you advocating that you sue the banks should seriously think about what you're saying. That won't solve anything...it will only take money away from them that could be spent on trying to beef up security further. If you're worried about getting your identity or electronic funds stolen, stop using all electronic devices (cell phones, computers, ATMs, etc.) immediately and only pay with cash. I'm not saying we should accept this type of theft, but you do have some responsibility to look out for yourselves.
Posted by: ND Fan Location: ND on Jun 19, 2008 at 01:11 PM
Drained- people like you are the reason society is the way it is- eager to sue anyone. If the bank had no security system in place, fine. But the point of the story is that it is a security breach- some hackers got into the system. The bank was a victim too. It happens every day to thousands of people. How about tracking down the hackers and punishing THEM? Then again, that would make too much sense, right?
Posted by: Stephanie on Jun 19, 2008 at 12:32 PM
Sam-you are not reading correctly if you are blaming internet users for this fraud. The hackers got the information from the bank and got the ATM card numbers and PINs from their computers-not from the internet. Your information was not compromised because of your bank or ATM usage. I am neither lazy or foolish and have never been the victim of fraud in the 9 years I've been banking or making purchases online. Perhaps you should look at your bank or credit card company.
Posted by: Anon Location: Here on Jun 19, 2008 at 12:19 PM
Also, Chester, I don't know what branch you go to, but none of the 8 or so branches that I have been in "share" a terminal- each window has it's own computer. You should get your facts straight.
Posted by: Anon Location: Here on Jun 19, 2008 at 12:16 PM
Robin, you have no clue what you're talking about. 1st Source is one of the few places that DOES NOT charge to use a teller or customer service. You must be confused.
Posted by: Myrt on Jun 19, 2008 at 11:54 AM
Sam in NE Indiana, No matter if you have been on the internet or not, your information is out there. Almost all businesses use the web in some manner and your credit card, bank and personal information is out there. The IRS has been hacked into before - just think of all the Social Security numbers someone had access to. No one is safe from on-line fraud.
Posted by: robin on Jun 19, 2008 at 11:40 AM
Watch out when calling 1st source's customer service number, because they will rob you too. They charge their cutomers fees for calling in to take care issues not just using automated system but also to speak to someone.
Posted by: Drained Location: Mishawaka on Jun 19, 2008 at 11:29 AM
Anyone know a good lawyer? 1st Source should pay for this mess!
Posted by: Anonymous on Jun 19, 2008 at 11:21 AM
call and deactivate you old cards, they are still active, some news station has to put this on air, what good is it if you still have your old card active, come on WNDU do a good job.
Posted by: Anonymous on Jun 19, 2008 at 11:06 AM
Like I post yesterday if everyone is so worried check with your homeowners or renters insurance. Some have fraud coverage and it would help with something like this and also credit card fraud.
Posted by: Sam Location: Northeastern IN on Jun 19, 2008 at 11:03 AM
Nancy, Stacy's comments about the Indiana Debit Card refers to all individuals receiving money from the State of IN for: Unemployment, Child Support, State Assisted Health benefits, etc. It all comes in the form of issued Debit Cards, due to many stolen checks by thieves. Such Debit Cards can become compromised just as any bank card has fallen victim into the wrong hands,in an act of theft. Leakage of personal information can and does occur within governmental offices, just as in banks. Banks use outside vendors to shred their banking transactions, just as (Perhaps) the govt does. It's too bad that top notch shredding machines are not incorporated within such institutions. I place no trust in a Govt/Banking Vendor, so I ask that all paperwork be given to me and not thrown in their basket.
Posted by: Sam Location: Northeastern IN on Jun 19, 2008 at 10:29 AM
I do not do ANY business over the Internet, not banking, not retail, nothing that discloses "ANY" personal information. If I cannot gain an 800 number, no business is done. I guess I have all the internet users who conduct banking business to thank for the Idenity Theft Fraud. It was through your hand that my banking accounts were compromised. Yes, my bank replaced all funds along with changing all account numbers; But, really, what does that help when you internet users open the door to bank fraud. When are you going to learn to do bank transactions separately from internet use. Do you feel the phone as invasive to idenity theft, as the internet? Hackers pick up on Idenity Theft only because of the laziness and foolishness of individuals who cannot see the hand in front of them in using the internet for banking/investment transactions. I have you to thank for creating Idenity Theft against me three times within two years. I thank God, that my banking institution remains responsibl.
Posted by: stay at home mom Location: south bend on Jun 19, 2008 at 10:01 AM
I used to work for 1st source and I can tell you the old system of the bank was very out of date. On the other hand, I could conduct a transaction ten times faster than the tellers can with the new system. I used to be able to be in and out of the bank in under 2 minutes for a straight deposit. Now it takes 3 to 4 minumum.
Posted by: Rose Location: SB on Jun 19, 2008 at 09:55 AM
I feel the banks should not only "reimburse" but also some sort of compensation for the breach of security rather than a apology letter. I'm not talking a significant amount of compensation, but something to say "hey, were sorry our security system sucks, this is what we are going to do for you". The odds on an arrest being made is VERY slim!
Posted by: Yellow Shirt Location: South Liberty on Jun 19, 2008 at 09:54 AM
I doubt them people even know what the internet is....even I have a modem.
Posted by: Anonymous on Jun 19, 2008 at 09:50 AM
****Keep in mind what a prior post said, after you activate the new 1st source debit card, you need to call your branch and have them deactivate the old one. I activated my new one days ago and called after i read that post, my old one was still activated.*****
Posted by: TheTruth Location: Mishawaka on Jun 19, 2008 at 09:15 AM
Switching banks won't help. Living in a cave with your money might, but you will have to look out for the four legged animals. This is a way of life, hackers, criminals, terrorists, kids with high IQ's..this is the world we live in. NO matter what type of security is in place, there are minds out there who relish in figuring out how to break the system. STealing money is a very sophisticated crime. With the computer systems we have, getting caught is almost impossible. You will never hear about an arrest being made ever. We are living in a world of haters and criminals. Deal with it. LOOK at those who have lost their homes in the floods, look at those who are dying for no reason over seas. Puts our problems way on the back burner. I have lost money too, but it was reimbursed quickly. Watch, there will be a slew of the 'others' who will SAY they were victims of fraud, but just went and over spent at Walmart. Ongoing nut cases never cease to amaze me.
Posted by: Matt Location: Mishawaka on Jun 19, 2008 at 09:09 AM
I have been a loyal customer of 1st Source since I was 12. I don't have a ton of money in the bank and I wouldn’t consider myself one of their higher profile customers by any means but I am an average Joe. This is the last straw. I am so fed up with their new online banking system. They merged over to some new system a few months ago and it is beyond horrible. Debts take forever to show up, sometimes WEEKS. Also deposits sometimes take up to five days to show up. I concede they have been working to fix these problems but the banking system compared to Wells Fargo that I use for work, is night and day difference. And on top of that Wells Fargo isn’t even that great 1st Source is just Horrible! Unfortunately I will be moving banks. Thanks for the years prior to “the new system.”
Posted by: Anonymous on Jun 19, 2008 at 09:00 AM
why should retailers be held accountable? take care of your own info.
Posted by: Nicole Location: Elkhart on Jun 19, 2008 at 08:56 AM
Having worked for a major credit card company in the past; there isn't much protection the banks nor the police can give us anymore when it comes to our personal information. People can hack into banking systems, especially over the internet, which in turn supplies them with all the information they need. 1st Source stated there customers were not at risk and yet the hackers got away with more than just card numbers - they now have addresses of 1st Source bankees plus our ssn's. The best thing for anyone to do is be vigilant of their information and accounts on a weekly if not daily basis. Take the time to check your records, look at every charge you make or possibly didn't make - investigate suspisous calls or orders. The police cant do much either except take a report, they don't even go after said criminal (I know because they didn't go after the woman who got my bank acct. information and they KNEW who she was.)
Posted by: Mary Location: Mishawaka on Jun 19, 2008 at 08:53 AM
This happened to me also. I think it started at Elite Nails in Mishawaka. Did anyone else use their debit card there?
Posted by: Chester Location: sb on Jun 19, 2008 at 08:51 AM
1st source is computer incompetent and I will not bank there. If you notice they do not have a computer system at their teller windows–they all use one computer terminal & rely on writing things down. They lost a teller deposit I made-probably deposited it into another account thru mistyping. Key bank is not much better. They lost an ATM $550 deposit of mine then about a year later arrested a exec for stealing money. I am a computer programmer and all this does not surprise me.
Posted by: Anonymous on Jun 19, 2008 at 08:30 AM
Hey Lucy, not a samll ATM machine
Posted by: Beef Location: Lakeville on Jun 19, 2008 at 08:23 AM
Bye Bye First Source!!! Me not use you again.
Posted by: Willie Location: Niles on Jun 19, 2008 at 07:37 AM<