Christopher Soghoian over at CNET is reporting that Turkish police may have used violence to get the encryption keys of one of the primary ringleaders in the TJ Maxx credit card theft investigation. The suspect, Maksym Yastremskiy, is apparently a “major figure in the international sale of stolen credit card information.”
You know how sometimes in football both teams will screw up on the same play and the penalties will offset? We’ve just found the fraud version of that situation. Three men brought a laptop computer box to Walmart and said that they’d been sold an empty box. Walmart thought they were being scammed, so they called the police. That’s when all hell broke loose.
A new study from the National Cyber Security Alliance says that you’re probably making one of these 7 stupid mistakes when it comes to your own online security. The study shows that when Symantec polled 3,000 online users and scanned the computers of 400 of them, 81 percent of respondents said they were using a firewall, but only 42 percent actually had a firewall installed on their computer. Whoops.
Yesterday, the Seattle Post-Intelligencer reported that the police were looking for two men who were posing as Comcast employees as a ruse to steal social security numbers. The men were driving an unmarked car, wandering around a neighborhood knocking on doors and telling residents they needed to fix some wiring issues. One resident refused, claiming that she didn’t have an appointment. She then saw the employees start knocking on other doors and, finding it unlikely that her entire neighborhood could have “wiring issues,” called the police.
Blue Cross Blue Shield Of Georgia Sends 202,000 Letters Containing Personal Information To The Wrong Addresses
Well, if you’re having a bad day at work, rest assured that someone in Georgia is having a worse one. The Journal-Constitution is reporting that 202,000 Blue Cross Blue Shield of Georgia customers had their personal information exposed, including (in some cases) their social security numbers, thanks to an error in the computerized mailing system. The system was apparently used before it was tested.
Stein Mart was caught “printing expiration dates and/or more than the last five digits of credit cards on receipts,” and was subsequently hit with a class action lawsuit for exposing sensitive customer data. Now they’ve settled by agreeing to run coupons in local newspapers. It gets better: instead of a flat 20% off coupon, the store is requiring minimum-purchase amounts that reduce the savings if your purchase falls between the arbitrarily set thresholds.
- $10 off a purchase of $50 or more
- $20 off a purchase of $100 or more
- $30 off a purchase of $150 or more
We need a new federal law that says class action lawyers have to be compensated in the same manner as their clients. Give those hard-working guys and gals some $30-off coupons, please!
All the security in the world can be rendered useless by human error, it seems. Marko Karppinen, a software designer, says Apple gave his password to someone who simply emailed them and asked for it.
UPDATE: Adam has been in contact with the owners and has posted an update on his site.
Google now helps catch criminals. The FBI identified a Citibank PIN thief by cross-referencing security camera footage with an ICQ handle and personal photos on ham radio enthusiast sites. [Information Week]
Somewhere between 51,000 and 200,000 records were stolen from Montgomery Ward’s servers last December—the company says it’s the smaller number, but CardCops, the group that spotted the hack in the first place, “spotted hackers touting the sale of 200,000 payment cards belonging to one merchant” in June, which is how the story became public. Montgomery Ward knew about the breach when it happened, and although they reported the crime to federal investigators, they didn’t tell any of the victims. The CEO of Direct Marketing Services, which owns the Montgomery Ward name, told the Associated Press that after he alerted investigators he felt his company “had met its obligations.”
Cole discovered that by simply incrementing a numerical string by one in a URL Best Buy sent out, he could pull up screen after screen of random customer info. Fortunately, all he could see were customer names, their home addresses, and their order numbers. It’s still surprising that Best Buy—or more specifically, Postpublisher.net, the email company they outsourced this to—wasn’t more careful with customer security.
Feel wary about giving applications access to your Facebook page? Worried one of those quizzes or games might be maliciously harvesting your data? You were right to worry. The BBC had the same idea, so they decided to write a program to do just that. And it worked. Not only did it steal the data of Facebook users who installed the application, it also victimized all of their “friends.”
A small California grocery store chain and its…
Police have arrested Paul Hank, a distribution clerk at the Smithtown, NY post office, after he stole credit cards from the mail and went on a shopping spree, says Newsday.
This should have been one of the first things your parents told you about avoiding scams, but in case they were busy watching TV or something — here you go:
Phoung Cat Le from the Seattle Post-Intelligencer reports that a colleague of hers is the victim of income tax ID theft. A scammer filed her income taxes before she did, hoping to get a hold of her refund and stimulus check.
When reader Steve went to Wal-Mart to buy Rock Star for his daughter, he reluctantly presented the cashier with a state-issued ID containing just his picture, name and signature. Steve’s job is to consult with law enforcement about identity theft, so he’s more careful than the average bear.