130 million is a large number, but that’s how many credit card numbers a group of three hackers are alleged to have stolen from five different companies including 7 Eleven, Hannaford, and Heartland Payment Systems says the Department of Justice.
Reader Eric says he got a fairly realistic-looking Facebook phishing email and wanted to warn others not to click.
An employee of Starbucks has filed a class action lawsuit against the company for failing to properly secure employee data. The employee was one of one of 97,000 notified late last year after a Starbucks laptop containing employee names, addresses and Social Security numbers was stolen. [NetworkWorld via Starbucks Gossip]
The Daily News has stolen the Empire State Building, and it only took 90 minutes. They made up some fake paperwork and successfully got the deed to the 102-story landmark transferred to a fake company called “Nelots Properties LLC.” Get it? Nelots? Stolen? The information provided to the city register was laughably fake — King Kong star Fay Wray was listed as a witness.
Here’s a weird story. Chris at PhillyBurbs.com was dealing with some ID theft problems (random charges were showing up on his credit cards) when he got a random credit card in the mail. It was an extra copy of a card he did indeed have. Wondering if someone was trying to get copies of his cards — he contacted the bank:
Christopher Soghoian over at Cnet is reporting that Turkish police may have used violence to get the encryption keys of one of primary ringleaders in the TJ Maxx credit card theft investigation. The suspect, Maksym Yastremskiy, is apparently a “major figure in the international sale of stolen credit card information.”
You know how sometimes in football both teams will screw up on the same play and the penalties will offset? We’ve just found the fraud version of that situation. Three men brought a laptop computer box to Walmart and said that they’d been sold an empty box. Walmart thought they were being scammed, so they called the police. That’s when all hell broke loose.
A new study National Cyber Security Alliance says that you’re probably making one of these 7 stupid mistakes when it comes to your own online security. The study shows that when Symantec, polled 3,000 online users and scanned the computers of 400 of them, 81 percent of respondents said they were using a firewall, but only 42 percent indeed had a firewall installed on their computer. Whoops.
Yesterday, the Seattle Post-Intelligencer reported that the police were looking for two men who were posing as Comcast employees as a ruse to steal social security numbers. The men were driving an unmarked car, wandering around a neighborhood knocking on doors and telling residents they needed to fix some wiring issues. One resident refused, claiming that she didn’t have an appointment. She then saw the employees start knocking on other doors and, finding it unlikely that her entire neighborhood could have “wiring issues,” called the police.
Blue Cross Blue Shield Of Georgia Sends 202,000 Letters Containing Personal Information To The Wrong Addresses
Well, if you’re having a bad day at work, rest assured that someone in Georgia is having a worse one. The Journal-Constitution is reporting that 202,000 Blue Cross Blue Shield of Georgia customers had their personal information exposed, including (in some cases) their social security numbers, thanks to an error in the computerized mailing system. The system was apparently used before it was tested.
Stein Mart was caught “printing expiration dates and/or more than the last five digits of credit cards on receipts,” and was subsequently hit with a class action lawsuit for exposing sensitive customer data. Now they’ve settled by agreeing to run coupons in local newspapers. It gets better: instead of a flat 20% off coupon, the store is requiring minimum-purchase amounts that reduce the savings if your purchase falls between the arbitrarily set thresholds.
- $10 off a purchase of $50 or more
- $20 off a purchase of $100 or more
- $30 off a purchase of $150 or more
We need a new federal law that says class action lawyers have to be compensated in the same manner as their clients. Give those hard working guys and gals some $30-off coupons, please!
All the security in the world can be rendered useless by human error, it seems. Marko Karppinen, a software designer, says Apple gave his password to someone who simply emailed them and asked for it.
UPDATE: Adam has been in contact with the owners and has posted an update on his site.
Google now helps catch criminals. The FBI identified a Citibank PIN thief by cross-referencing security camera footage with an ICQ handle and personal photos on ham radio enthusiasts sites. [Information Week]
Somewhere between 51,000 and 200,000 records were stolen from Montgomery Ward’s servers last December—the company says it’s the smaller number, but CardCops, the group that spotted the hack in the first place, “spotted hackers touting the sale of 200,000 payment cards belonging to one merchant” in June, which is how the story became public. Montgomery Wards knew about the breach when it happened, and although they reported the crime to federal investigators, they didn’t tell any of the victims. The CEO of Direct Marketing Services, which owns the Montgomery Ward name, told the Associated Press that after he alerted investigators he felt his company “had met its obligations.”
Cole discovered that by simply incrementing a numerical string by one in a url Best Buy sent out, he could pull up screen after screen of random customer info. Fortunately, all he could see were customer names, their home addresses, and their order numbers. It’s still surprising that Best Buy—or more specifically, Postpublisher.net, the email company they outsourced this to—wasn’t more careful with customer security.