If you’ve shopped at a Michaels big-box craft store recently and used a credit or debit card, keep an eye on your statements, especially if you shopped in the greater Chicago area. The chain notified customers on its e-mail list earlier today about a possible PIN pad breach in Chicago that may apply to other stores as well. [More]
Everything’s bigger in Texas. Even data breaches. As many as 3.5 million residents of the state found their personal data has been set free in a gaffe by the state government. [More]
A Massachusetts restaurant chain agreed to pay a $110,000 fine to settle a complaint that alleged hackers nabbed customers’ credit card and debit card info in 2009. [More]
Albert Gonzalez, the mastermind behind most of the multi-million dollar credit card breaches in the past few years, is being sentenced this week. (Feds are asking for 25 years.) Now his former accomplice, Stephen Watt, has told Wired that while Gonzalez was busy stealing and selling credit card data he was also being paid under the table by the U.S. Secret Service to inform on others, earning as much as $75,000 in cash annually. [More]
CBS 5 exposed a “gaping hole” in the code of California’s state-run employment website that allows anyone who views the site to access and modify other users’ resumes and personal info simply by changing some numbers in the URL.
The Better Business Bureau has released a warning to be aware of scammers calling to threaten people with arrest “within the hour” for defaulting on payday loans. What makes them stand out from normal debt collecting scammers is these callers have huge amounts of personal info on their victims, including Social Security and drivers license numbers; old bank account numbers; names of employers, relatives, and friends; and home addresses.
Visa has removed Heartland Payment Systems and RBS WorldPay, the two huge payment processors that suffered recent data breaches, from its list of companies that are in compliance with Payment Card Industry (PCI) rules. It says they can get back on the list when they recertify that they have proper security in place. While this may sound like a significant change in the status of the companies, in reality it does little to change how the three companies do business with each other or with merchants. It’s just a way for Visa to protect itself from any upcoming lawsuits by banks and credit unions against the payment processors.
Stein Mart was caught “printing expiration dates and/or more than the last five digits of credit cards on receipts,” and was subsequently hit with a class action lawsuit for exposing sensitive customer data. Now they’ve settled by agreeing to run coupons in local newspapers. It gets better: instead of a flat 20% off coupon, the store is requiring minimum-purchase amounts that reduce the savings if your purchase falls between the arbitrarily set thresholds.
- $10 off a purchase of $50 or more
- $20 off a purchase of $100 or more
- $30 off a purchase of $150 or more
We need a new federal law that says class action lawyers have to be compensated in the same manner as their clients. Give those hard working guys and gals some $30-off coupons, please!
Somewhere between 51,000 and 200,000 records were stolen from Montgomery Ward’s servers last December—the company says it’s the smaller number, but CardCops, the group that spotted the hack in the first place, “spotted hackers touting the sale of 200,000 payment cards belonging to one merchant” in June, which is how the story became public. Montgomery Wards knew about the breach when it happened, and although they reported the crime to federal investigators, they didn’t tell any of the victims. The CEO of Direct Marketing Services, which owns the Montgomery Ward name, told the Associated Press that after he alerted investigators he felt his company “had met its obligations.”
Last December, Theodore Karantsalis received a letter from Sprint, where he was a customer, telling him that someone who banks with Wells-Fargo—where he’s not a customer—was presented with his invoice and personal data when they logged into their Wells-Fargo Checkfree account. The customer contacted Sprint, and Sprint contacted Karantsalis. Karantsalis decided that he’d deal with the issue on his own instead of bringing a lawyer into it or throwing his hands up in frustration, so he took both companies to small claims court.