Three weeks after Sally Beauty first said it was looking into whether it’d been the victim of a hack attack, the company says it’s confirmed that criminals used malware on some of its point-of-sale systems, possibly exposing payment information for customers who used cards at some of its U.S. stores. [More]
Sally Beauty: Investigation Confirms Customer Payment Info May Have Been Put At Risk, But Not Debit PINs
After the news yesterday that the Internal Revenue Service reportedly suspects Russian identity thieves were behind a breach that allowed thieves to access information for approximately 100,000 taxpayers, the Federal Bureau of Investigation says it’s now investigating the incident. [More]
United Offers “Bug Bounty” Of Up To 1 Million Miles For Hackers Who Find Vulnerabilities In Website, Mobile App
While big companies are known to quietly seek out the services of white-hat hackers to test for weaknesses in their networks and websites, it’s not every day that a major airline publicly offers a “bounty” to people who can diagnose vulnerabilities in its systems. [More]
Park-N-Fly, as you may be able to guess from the name, is a company that provides parking and shuttle services at airports. Customers can make parking reservations and pay online before their flights, which is very convenient. However, the company may have been the latest victim of a payment information breach, according to reports from card-issuing banks. [More]
It’s no longer surprising news when hackers infiltrate the systems of a brick-and-mortar retailer and run off with our credit card numbers. Shoppers have come to expect that kind of thing as a normal part of shopping. However, it’s interesting (and a bit scary) to note that two relatively small breaches at national chains could be linked. [More]
AT&T knows it needs to step up if it wants to be taken seriously these days as a wireless provider, so it’s been beefing up 3G coverage, rejiggering data plans, and of course ramping up the speed at which it leaks your private data to strangers. In fact, according to multiple reports from AT&T customers, the company has managed to pull off the neat trick of logging customers in to strangers’ accounts today during the iPhone 4 pre-order fiesta. See? You no longer have to wait until you’ve got the device in hand to worry about privacy issues. [More]
Albert Gonzalez, the mastermind behind most of the multi-million dollar credit card breaches in the past few years, is being sentenced this week. (Feds are asking for 25 years.) Now his former accomplice, Stephen Watt, has told Wired that while Gonzalez was busy stealing and selling credit card data he was also being paid under the table by the U.S. Secret Service to inform on others, earning as much as $75,000 in cash annually. [More]
This fall, credit card processors will being rolling out a new approach to preventing data theft, based on the assumption that it’s impossible to thwart every attack. Instead of keeping 100% of criminals out, they’ll segment and encrypt the data into such small chunks that it will no longer be a cost-effective crime.
The U.S. Secret Service has arrested three men in Florida on “hundreds of counts of credit card fraud” for using fake gift cards imprinted with account info stolen from Heartland Payment Systems last year. The Secret Service still thinks an Eastern European group is behind the Heartland breach, and that the Florida guys are smaller-time crooks who most likely purchased a subset of the stolen data.
We’ve received queries from readers telling us that their Citibank cards have been replaced, and asking whether we’ve heard about any new security breach. Other than Forever 21 we haven’t, so we’re wondering whether they’re responsible for the stories below.
We’d hoped that Activision’s blunder would be the last one, but it turns out the HR department at Aflac can’t find the BCC field either. Reader Corey writes in to let us know he just received an email addressed to him and 623 other people who were interested in jobs with the insurance company. Our guess is some of the recipients won’t be so interested in a career with a company that doesn’t care about the privacy of its employees. After the jump, a quick guide to obscuring other recipients’ email addresses so this doesn’t happen again.
UPDATE: Adam has been in contact with the owners and has posted an update on his site.
Remember TJX’s gigantic security breach problems last year, where data on 94 million accounts was stolen? Good for you, because apparently TJX doesn’t. A former employee of a TJX store in Lawrence, Kansas was fired recently for posting anonymous complaints online about the current sorry state of his store’s security, which included the store manager writing server login and password information on a sticky note, and the store resetting employee passwords to blank fields.
Redbox rents DVD movies via vending machine in drugstores and supermarkets throughout the country, and on Friday they announced that they’d found credit card skimmers attached to three of their kiosks. What’s surprising is that they ‘fessed up so quickly, and in a highly public manner—they’ve got the text “SECURITY ALERT” at the top and bottom of their website, and the email they sent to their members is detailed, forthright, and helpful, and reposted in its entirety—along with photos of sample card skimmers—on their site. Attempts at identity theft no longer surprise us, but a competent handling of the issue by a company is pretty amazing.