130 million is a large number, but that’s how many credit card numbers a group of three hackers are alleged to have stolen from five different companies including 7 Eleven, Hannaford, and Heartland Payment Systems says the Department of Justice.
ID theft
New Jersey: Sorry, We Mailed Your SSN To Some Random Companies
By 5.19.09
Oh, human error. New Jersey has announced that an unknown number of unemployed residents had their personal information shared with companies they never worked for.
Beware Of Fake Facebook
By 4.16.09
Reader Eric says he got a fairly realistic-looking Facebook phishing email and wanted to warn others not to click.
By 2.24.09
../../../..//2009/02/24/an-employee-of-starbucks-has/
An employee of Starbucks has filed a class action lawsuit against the company for failing to properly secure employee data. The employee was one of one of 97,000 notified late last year after a Starbucks laptop containing employee names, addresses and Social Security numbers was stolen. [NetworkWorld via Starbucks Gossip]
You Can Steal The Empire State Building In Only 90 Minutes
By 12.3.08
The Daily News has stolen the Empire State Building, and it only took 90 minutes. They made up some fake paperwork and successfully got the deed to the 102-story landmark transferred to a fake company called “Nelots Properties LLC.” Get it? Nelots? Stolen? The information provided to the city register was laughably fake — King Kong star Fay Wray was listed as a witness.
Bank Sends You Another Copy Of Your Credit Card Just To Remind You To Use It
By 11.12.08
Here’s a weird story. Chris at PhillyBurbs.com was dealing with some ID theft problems (random charges were showing up on his credit cards) when he got a random credit card in the mail. It was an extra copy of a card he did indeed have. Wondering if someone was trying to get copies of his cards — he contacted the bank:
Did Turkish Police Beat Information Out Of A Suspect In The TJ Maxx Credit Card Case?
By 10.24.08
Christopher Soghoian over at Cnet is reporting that Turkish police may have used violence to get the encryption keys of one of primary ringleaders in the TJ Maxx credit card theft investigation. The suspect, Maksym Yastremskiy, is apparently a “major figure in the international sale of stolen credit card information.”
Walmart Sells You An Empty Box Instead Of A Laptop — But You Bought It With Stolen Credit Cards
By 10.14.08
You know how sometimes in football both teams will screw up on the same play and the penalties will offset? We’ve just found the fraud version of that situation. Three men brought a laptop computer box to Walmart and said that they’d been sold an empty box. Walmart thought they were being scammed, so they called the police. That’s when all hell broke loose.
7 Stupid Online Security Mistakes You're Probably Making
By 10.3.08
A new study National Cyber Security Alliance says that you’re probably making one of these 7 stupid mistakes when it comes to your own online security. The study shows that when Symantec, polled 3,000 online users and scanned the computers of 400 of them, 81 percent of respondents said they were using a firewall, but only 42 percent indeed had a firewall installed on their computer. Whoops.
Idiot Comcast Door-To-Door Salesmen Cause Neighborhood Panic
By 9.19.08
Yesterday, the Seattle Post-Intelligencer reported that the police were looking for two men who were posing as Comcast employees as a ruse to steal social security numbers. The men were driving an unmarked car, wandering around a neighborhood knocking on doors and telling residents they needed to fix some wiring issues. One resident refused, claiming that she didn’t have an appointment. She then saw the employees start knocking on other doors and, finding it unlikely that her entire neighborhood could have “wiring issues,” called the police.
Blue Cross Blue Shield Of Georgia Sends 202,000 Letters Containing Personal Information To The Wrong Addresses
By 7.30.08
Well, if you’re having a bad day at work, rest assured that someone in Georgia is having a worse one. The Journal-Constitution is reporting that 202,000 Blue Cross Blue Shield of Georgia customers had their personal information exposed, including (in some cases) their social security numbers, thanks to an error in the computerized mailing system. The system was apparently used before it was tested.
Stein Mart Settles Personal Data Breach By Offering… Coupons
By 7.8.08
Stein Mart was caught “printing expiration dates and/or more than the last five digits of credit cards on receipts,” and was subsequently hit with a class action lawsuit for exposing sensitive customer data. Now they’ve settled by agreeing to run coupons in local newspapers. It gets better: instead of a flat 20% off coupon, the store is requiring minimum-purchase amounts that reduce the savings if your purchase falls between the arbitrarily set thresholds.
- $10 off a purchase of $50 or more
- $20 off a purchase of $100 or more
- $30 off a purchase of $150 or more
We need a new federal law that says class action lawyers have to be compensated in the same manner as their clients. Give those hard working guys and gals some $30-off coupons, please!
"Apple Just Gave Out My Apple ID Password Because Someone Asked"
By 7.8.08
All the security in the world can be rendered useless by human error, it seems. Marko Karppinen, a software designer, says Apple gave his password to someone who simply emailed them and asked for it.
Curves Leaves Working Computer Full Of Personal Information In An Office Dumpster
By 7.4.08
UPDATE: Adam has been in contact with the owners and has posted an update on his site.
By 7.3.08
../../../..//2008/07/03/google-now-helps-catch-criminals/
Google now helps catch criminals. The FBI identified a Citibank PIN thief by cross-referencing security camera footage with an ICQ handle and personal photos on ham radio enthusiasts sites. [Information Week]
Montgomery Ward's Hacked 6 Months Ago, But Victims Weren't Told
By 6.30.08
Somewhere between 51,000 and 200,000 records were stolen from Montgomery Ward’s servers last December—the company says it’s the smaller number, but CardCops, the group that spotted the hack in the first place, “spotted hackers touting the sale of 200,000 payment cards belonging to one merchant” in June, which is how the story became public. Montgomery Wards knew about the breach when it happened, and although they reported the crime to federal investigators, they didn’t tell any of the victims. The CEO of Direct Marketing Services, which owns the Montgomery Ward name, told the Associated Press that after he alerted investigators he felt his company “had met its obligations.”
Bank of America Calls Your Dad, Asks If He'd Like To Pay Your Bill For You
By 5.23.08
Reader Dan says Bank of America called his old address and gave out his account details to the person who answered the phone. Luckily, that person turned out to be his father, though Bank of America didn’t know that. Once they did know they were speaking to a relative, they asked Dan’s dad to pay his bill for him.
It's Easy To Access Random Customer Info With Best Buy URLs
By 5.2.08
Cole discovered that by simply incrementing a numerical string by one in a url Best Buy sent out, he could pull up screen after screen of random customer info. Fortunately, all he could see were customer names, their home addresses, and their order numbers. It’s still surprising that Best Buy—or more specifically, Postpublisher.net, the email company they outsourced this to—wasn’t more careful with customer security.
