# Commerce Bank in US hacked



## Glaswegian (Sep 16, 2005)

A regional bank in the U.S. said it was able to deflect most of a hacking attempt on its database, but not before some customer information was divulged.

Commerce Bank N.A., which operates banks in five U.S. states, said Tuesday that a hacker gained access to a database with about 3,000 customer records and accessed data belonging to 20 of them. The bank is contacting those who may have been affected.

The hacking was quickly detected and stopped, according to Commerce Bank, which then notified law enforcement.

It wasn't clear how the hacker accessed the bank's database. A common method is by passing malicious data through Web-based forms, known as a SQL (Structured Query Language) injection, which can force the database to reveal other information it holds.

Hackers often look for vulnerabilities in bank and e-commerce Web sites that will allow them to tap into their back-end databases.

Commerce Bank is a subsidiary of Commerce Bancshares Inc., a regional bank holding company.


----------
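The article above does not say how the database was reached, so the following is an added illustration of the SQL injection mechanism it mentions, not code from the bank or from either poster. It is a customer lookup written two ways, one building the query from the form value and one binding it as a parameter. The table, names, account numbers and form value are all constructed for the example.

```python
import sqlite3

# Constructed sample data standing in for a customer table.
ROWS = [("Alice Example", "ACCT-0001"), ("Bob Example", "ACCT-0002"),
        ("Carol Example", "ACCT-0003"), ("Dan O'Brien", "ACCT-0004")]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (name TEXT, account TEXT)")
    db.executemany("INSERT INTO customers VALUES (?, ?)", ROWS)
    return db

def lookup_concatenated(db, name):
    # Weak: the form value becomes part of the SQL text, so a quote
    # character in it is parsed as SQL syntax instead of as data.
    sql = "SELECT name, account FROM customers WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, name):
    # Hardened: the value is bound to a placeholder and is only ever
    # compared as a string, whatever characters it contains.
    sql = "SELECT name, account FROM customers WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()

# Constructed form input whose quote characters change the WHERE clause.
CRAFTED = "nobody' OR '1'='1"

def demo():
    db = make_db()
    out = {
        "normal_concat": lookup_concatenated(db, "Alice Example"),
        "normal_param": lookup_parameterized(db, "Alice Example"),
        "crafted_concat": lookup_concatenated(db, CRAFTED),
        "crafted_param": lookup_parameterized(db, CRAFTED),
        "apostrophe_param": lookup_parameterized(db, "Dan O'Brien"),
    }
    try:
        # A legitimate name with an apostrophe breaks the weak query;
        # such errors in application logs are a sign of string-built SQL.
        out["apostrophe_concat"] = lookup_concatenated(db, "Dan O'Brien")
    except sqlite3.OperationalError:
        out["apostrophe_concat"] = "syntax error"
    return out

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, "->", result)
```

With the crafted value the concatenated lookup returns every row in the table, while the parameterized lookup returns none.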



## Cellus (Aug 31, 2006)

It is also possible, and I say this merely as a personal observation, that custom in-house apps commonly are not properly designed and written to be secure against some forms of unsolicited access to databases. Safeguards in place that can protect against such things are bypassed when apps and tools drill through it all or just completely bypass the protection to get them to work, making them a proverbial ***** in the armor.


----------

