To: Fast Facts List

Fast Facts: RECENT CYBER ATTACKS

FACT: Since late September 2012, large financial institutions have been the subject of (or threatened to be the subject of) attacks intended to disrupt the availability of their Web sites. A group that calls itself the Cyber Fighters of Izz ad-din Al Qassam has claimed credit for these attacks. FACT: The attacks have flooded certain bank Web sites with an extremely high volume of electronic traffic from thousands of locations around the world. This flood of traffic, called a distributed denial of service (DDoS) attack, is intended to slow down or disable the banks Web site. FACT: The attacks are not designed to be and have not resulted in - a data breach, hacking, or unauthorized access to consumer information. Consumers still can access their accounts through alternative means, including bank branch offices and call centers. FACT: The financial services industry has robust cyber protections in place. Banks collaborate with other banks, federal regulators such as Treasury, law enforcement officials, other government agencies such as the FBI and DHS, Internet Service Providers, and Internet security experts to fully analyze and deflect online attacks and deliver safe and consistent online service. Financial services institutions use sophisticated online security strategies to protect customer accounts and continue to invest in technology to increase capacity and defend against potential attacks. Financial services institutions are regularly examined by their primary federal regulator to ensure their compliance with cybersecurity regulations and information standards, including standards set in the Gramm-Leach-Bliley Act, Payment Card Industry Data Security Standard, and FFIEC Information Technology Examination Handbooks. Banks collaborate with the Financial Services Information Sharing and Analysis Center (FSISAC) which is an industry forum for collaboration on critical security threats facing the financial services sector. FACT: While there is nothing in particular that customers can do in response to the DDoS attacks, consumers can improve the general security of their private information by using the following tips: Install on your computerand keep updatedanti-virus software, firewall and anti-spyware software. Set your computers operating system and browser to automatic download to ensure your operating system and browser include the latest security updates. Dont get hooked by phishing. Do not respond to unsolicited emails requesting personal information and do not download attachments on unsolicited emails.

October 2012

Use strong passwords and change them regularly. The best passwords are longa minimum of 8 charactersand complex. Not your birthday or the name of a child or pet. Use a combination of numbers, symbols and letter; something meaningful to you like an acronym or batting averages, but not easily guessed.

FOR MORE INFORMATION ABOUT THE INDUSTRYS CYBERSECURITY EFFORTS, PLEASE CONTACT ANN PATTERSON AT ANN@FSROUND.ORG. View all previous Fast Facts at www.RoundtableResearch.org For over 100 weeks, the Roundtable has delivered Fast Facts to select opinion leaders in the financial services industry, Congress, and media. Fast Facts provides easy-to-understand, reliable research about current issues facing the financial services. Financial Services HOTLINE: If you have questions about this topic or any other issue facing financial services, please reach out to Abby McCloskey, Director of Research at the Financial Services Roundtable, at 202-589-2531 or Scott Talbott, Senior Vice President of Public Policy, at 202-289-4322. Learn more about the Financial Services Industry at www.OurFinancialFuture.com. OurFinancialFuture.com is continuously updated to bring you the most useful information about the industry in real-time.

October 2012