Speaking of losing a bank account...I'm curious how safe in the US bank accounts insured by FDIC are. I understand that it works well in the classic case of an insolvent bank where the problem is that the bank mismanaged its resources (too many bad loans, for example) and so doesn't have the money to cover deposits.
In such a case the bank has full records of everything that happened, and auditors could come in and figure out exactly how much is owed to whom.
But what would happen if online attackers got into a bank's systems and completely pwned the bank, having free run of the system for several months. Suppose they wiped all the live data, and managed to also wipe a few months of backup data.
How would FDIC figure out who lost what from insured accounts if the bank itself no longer has records covering that?
That isn't QUITE true. There are enough details that I can only speak in generalities, but in general, ordinary consumer accounts are indemnified against fraud and theft by the bank itself. US law requires that banks cover all or nearly all of a customer's losses to most sorts of fraud and theft (which it is depends on the kind of payment system) so long as it is a regular consumer account (small business accounts, for instance, may be out of luck) and the customer reports it within certain legally mandated time frames.
If the fraud is so extensive that the bank cannot afford to reimburse all of the customers, then the bank is undercapitalized and will be taken over by the FDIC.
In such a case the bank has full records of everything that happened, and auditors could come in and figure out exactly how much is owed to whom.
But what would happen if online attackers got into a bank's systems and completely pwned the bank, having free run of the system for several months. Suppose they wiped all the live data, and managed to also wipe a few months of backup data.
How would FDIC figure out who lost what from insured accounts if the bank itself no longer has records covering that?