Khosrow Zareh worked on software for the Eniac Technology Co., which provides services to almost all of Iran’s banks.
Zareh, after fleeing the country, last week put on the Internet the numbers that allow access to millions of bank accounts in Iran. He used a blog posting from France. (See last week’s Iran Times, page one.)
In a blog posting last Thursday, he denied stealing any account information.
He explained that he had not stolen anything because “the encrypted information and data on the magnetic strips of bank cards should not have been stored at Eniac.”
He said the data he posted “does not imply stealing information…. I stress that my action was to prevent any misuse of the data.”
The banks have urged their customers to come in and change their Personal Identification Numbers (PIN) before anyone gets access to their accounts. With the information Zareh posted on the web, anyone can go to an ATM machine and withdraw all the money in accounts.
There has been no word from the banks if they are taking any actions, such as blocking all accounts until new PIN numbers are selected.
Zareh said he had complained to his superiors about inadequate security “but my demands were ignored.”