Old National Web site hacked

The Web site system of Old National Bank was hacked into early last week, resulting in the theft of customer information and an Internet phishing scam.

Paige McFarling, Old National corporate communications director, said the bank's officials discovered Sunday that its Web site had been accessed by an unauthorized person or persons.

McFarling declined to say whether the Social Security numbers of Old National customers had been exposed in the security breach, but she said the case has been turned over to federal officials and that a forensic investigation into the computer hacking is under way.

"We're still working to quantify and qualify exactly what was obtained," McFarling said. "In any situation where information is stolen, the Social Security number is often the target because it's what everyone uses to verify information. I can neither confirm nor deny whether Social Security information was included."

McFarling said the company was notified Thursday by customers and associates about the Internet phishing scam that ensued as a result of the hacking.

A phishing scam is one in which an unauthorized individual or individuals obtain a company's information and sends e-mails to that company's customers requesting personal information, such as Social Security numbers and account numbers.

Links provided in the e-mails are connected to a bogus Web site that resembles the company's official Web site. Any information submitted through the scam is then sent to hackers and not the bank itself.

Old National officials have located and shut down the Internet protocol address of the bogus Web site used in the phishing scam.

McFarling said phishing scams are not unusual but that consumers should never give out their personal information via e-mail.

"The most important message is that the phishing scam that has hit us is not unusual," McFarling said. "It is not limited to Old National Bank; it happens on a frequent basis, and the most important thing to tell readers is to remember to never respond to any e-mail that requests personal information like your Social Security number, your account number or even so much as your ATM pin number. You never supply that type of information across an e-mail line."

McFarling said since the hacking and scam was discovered, Old National has been contacting its customers by mail, phone and e-mail. McFarling said the bank has also posted information about the hacking on its official Web site.

"We took steps immediately to shut down the areas that they were trying to get to and protect our clients information," McFarling said. "The protection and security of our clients' information is the reason we're in business. We take those relationships seriously, and we have done everything we can possibly do since that time to secure our clients' accounts."

Old National has about 125 banks throughout Illinois, Kentucky, Indiana, Tennessee and Ohio. It is unclear at this time how many customers have been affected by the scam.

Old National officials at the main branch in Carbondale, located at 509 S. University Ave., declined to comment.