Cyber Incident Victim: Bank of North Dakota

Date: Jan 2008

Location: United States of America

Summary

Hackers affiliated with @TheFamilyMethod, operating under the alias @hackinyolife ("Fear"), publicly claimed responsibility for compromising the Bank of North Dakota and released transaction logs containing 124 records. The exposed data included cardholder postal addresses, payment card types, the last four digits of card numbers, transaction authorization codes, and merchant details, though consumer names were not present in the logs. The financial institution did not respond to inquiries from a cybersecurity outlet seeking confirmation of the breach's authenticity after being notified of the data disclosure.


Description

In March 2016, hackers using the alias @hackinyolife ("Fear") publicly claimed responsibility for a cyberattack against the Bank of North Dakota (BND), attributing the breach to members of the group @TheFamilyMethod. The attackers posted a sample of transaction logs on a public paste site as evidence of their compromise. The exposed records contained 124 entries dated to 2008, featuring transactional metadata such as account numbers, merchant transaction IDs, authorization codes, card brand information, and the last four digits of card numbers. While consumer names were absent from the dump, the logs included postal addresses, phone numbers, transaction cities, card verification data (CVD), and AVS (Address Verification System) details. Specific fields also covered transaction amounts, dates, confirmation numbers, error codes, and authorization types, indicating broad exposure of payment processing information. The data's age suggested historical system access rather than a contemporaneous breach, though its authenticity remained unverified by the bank at the time of disclosure. Cybersecurity outlet DataBreaches.net attempted to notify BND via email about the claimed breach and the posted data but received no acknowledgment or response from the institution within the initial reporting window.

The incident exposed financial data elements that could facilitate identity theft or targeted phishing campaigns, though the absence of full card numbers and CVV codes limited direct fraud potential. Compromised address and phone information increased privacy risks for affected individuals, while merchant transaction IDs and authorization codes revealed operational details about BND's payment systems. The public posting of the data confirmed unauthorized access to the bank's records, though the scope of the full breach—including whether additional records were exfiltrated beyond the 124 posted transactions—was not disclosed by the attackers. No ransomware demands or extortion attempts were referenced in the available claims. The bank's lack of public confirmation or denial left the incident's operational impact unresolved in the immediate aftermath, with no observable containment measures, customer notifications, or regulatory disclosures reported in the source material during the initial disclosure period. The historical nature of the data raised questions about archive system security but did not indicate ongoing compromise of active financial systems.
