What constitutes adequate security for a bank? PlainsCapital Bank in Lubbock, Texas says what it currently has is enough, and if after all that some crooks still manage to steal your money, it’s not the bank’s fault. The bank has preemptively sued a business customer, Hillary Machinery, to absolve itself from any liability on what it couldn’t get back from the more than $800,000 that was stolen by foreign hackers last November.
Richard, whose wife had her Hotmail account swiped by a hacker, was able to get it back by calling Xbox Live customer service, of all people.
Hey, we helped get an Ameriprise customer banned from the financial company’s consumer advisory panel! Sorry about that, Brendan.
[Note: The original headline for this post mistakenly identified Ameritrade as the subject of the post. It is actually Ameriprise Financial. I deeply regret the error.] Since March of this year, security expert Russ McRee of HolisticInfoSec.org has sent 6 messages to Ameriprise Financial warning them of easily exploitable security holes on their website. They ignored every request, while at the same time reassuring customers that “No one without the proper web browser configuration can view or modify information contained on our systems.”
Nobody knows yet whether it was planted by an attendee, or if the ATM had been there for some period of time before the event, but hackers at last week’s DefCon conference in Las Vegas discovered a rogue unit that was designed to capture customers’ credit card data with each use.
It turns out our Social Security numbering system, which launched in 1936, isn’t very foolproof against some types of hacking. The New York Times reports that researchers at Carnegie Mellon University “used statistical techniques to predict Social Security numbers solely from an individual’s date and location of birth.”
Just when you thought that you and your ATM card data were safe from criminal eyes, Scientific American brings a different sort of threat. This time, the skimmers are inside the machine. Malware within the ATM itself harvests enough data to do some very bad things.
The Washington Post says that a hacker encrypted 8 million patient prescription records from a Virginia state website last week, deleted the backups, and replaced the home page with a ransom note. If the state doesn’t pay $10 million within 7 days, the hacker has threatened to sell the data to the highest bidder.
Ex-Countrywide Employee Sells Your Data, They Offer Credit Monitoring Service, Hang Up When You Ask For It
Re: Countrywide Sends Fraud Alert Letters: ‘Your Info May Have Been Sold,’ Reader Esqdork writes, “Yesterday, I phoned Countrywide to get them to extend the credit monitoring service [that they offered in their apology letter] to my co-borrower and was promptly hung up on.” The only surprise here is that they even picked up in the first place.
I received a letter from Countrywide today that says:
Redbox rents DVD movies via vending machine in drugstores and supermarkets throughout the country, and on Friday they announced that they’d found credit card skimmers attached to three of their kiosks. What’s surprising is that they ‘fessed up so quickly, and in a highly public manner—they’ve got the text “SECURITY ALERT” at the top and bottom of their website, and the email they sent to their members is detailed, forthright, and helpful, and reposted in its entirety—along with photos of sample card skimmers—on their site. Attempts at identity theft no longer surprise us, but a competent handling of the issue by a company is pretty amazing.
DSL Reports has the story of an outsourced Comcast tech who was fired after bragging online about using internal Comcast systems to get vengeance on hackers disrupting his Xbox. After annoying little twerps intentionally overloaded his Xbox with data (known as packet flooding), Mark Ribeiro, who describes himself as a “Comcast tier 2.5 support agent, which essentially means im one of the top 1% elitest agents,” went to work. First he identified one of the perps and found out he was a Comcast customer. Then he looked up the kid’s info in the Comcast support system and called the kid’s father…
Computerworld is reporting that “a series of SQL injection attacks” on a third-party e-commerce company’s servers has compromised the personal data of customers who shopped at Major League Soccer’s MLSgear.com website. One affected customer told us he received a letter from MLSgear.com letting him know what had happened and offering him free credit monitoring services for a year, which is apparently the standing corporate response to personal data theft.
If you bought anything from Geeks.com in at least the last year or so, you might want to start paying close attention to your credit card statements—the company sent out an email on Friday telling former customers that they “recently discovered on December 5, 2007 that customer information, including Visa credit card information, may have been compromised.” Full email after the jump.