Suffolk Bankcorp issued a statement this week that in December a hacker gained access to customer log-in credentials at subsidiary, Suffolk County National Bank.
The fact that the data was stored in plain text indicates a failure in the system development process, said Amichai Shulman, chief technology officer at Imperva.
"This should have been spotted in testing and remediated early on in the system development process," he said.
Imperva predicts that 2010 will see an increase in the theft of user credentials as they are a saleable and usable commodity.
Credit cards can be cancelled quickly and easily, but user credentials are often common to more than one online application, said Shulman.
"It is a lot more difficult for a large number of internet users to lock down their electronic identities, as they have to change their passwords on multiple systems," he said.