130 million is a large number, but that’s how many credit card numbers a group of three hackers are alleged to have stolen from five different companies including 7 Eleven, Hannaford, and Heartland Payment Systems says the Department of Justice.
Christina decided to give the famed acai berry a try. What the heck, she must have thought, it won’t cost me that much ($10) and the site’s refund policy clearly indicates when I can return the product, cancel the “subscription,” and move on. She knew the cancel-by date and was prepared to follow the rules. AcaiBerryUltimate.com had other plans, which are best summed up by this email they sent to her: “You can get your refund in hell. haahah.”
Christopher Soghoian over at Cnet is reporting that Turkish police may have used violence to get the encryption keys of one of primary ringleaders in the TJ Maxx credit card theft investigation. The suspect, Maksym Yastremskiy, is apparently a “major figure in the international sale of stolen credit card information.”
The world’s greatest bank thief is in custody. For ripping off over 45.7 million consumer’s credit cards from TJ Maxx, and other retailers, authorities pressed charges on Miami mastermind Albert Gonzalez and 11 others. The stolen numbers were sold to other scammers who manufactured fake debit cards and drained their victims’ accounts. The breach stemmed mainly from TJ Maxx stores using an unsecured wireless router.
Remember TJX’s gigantic security breach problems last year, where data on 94 million accounts was stolen? Good for you, because apparently TJX doesn’t. A former employee of a TJX store in Lawrence, Kansas was fired recently for posting anonymous complaints online about the current sorry state of his store’s security, which included the store manager writing server login and password information on a sticky note, and the store resetting employee passwords to blank fields.
Last December, Theodore Karantsalis received a letter from Sprint, where he was a customer, telling him that someone who banks with Wells-Fargo—where he’s not a customer—was presented with his invoice and personal data when they logged into their Wells-Fargo Checkfree account. The customer contacted Sprint, and Sprint contacted Karantsalis. Karantsalis decided that he’d deal with the issue on his own instead of bringing a lawyer into it or throwing his hands up in frustration, so he took both companies to small claims court.
On paper, the merger between Kmart and Sears looked almost fool-proof. Investors were confident that hedge fund manager Eddie Lampert had the midas touch, and that Sears’ real estate holdings were worth more than $150 on their own. Sears’ well-regarded brands would be paired with Kmart’s convenient locations—and everyone would make tons of money.
Netflix has removed the monthly limits on all but its lowest-cost plan in an apparent attempt to position itself more competitively against Apple, which is expected to announce a downloadable movie rental service tomorrow. Now for as little as $8.99 per month you can watch as many movies on your PC as you can download.
TJX will be paying as much as 40.9 million in a settlement with Visa and the bank that processes their credit card payments , says the Associated Press.
The funds will be used to help U.S. credit card issuers such as banks recover costs related to the breach, which may have exposed more than 100 million cards to potential fraud, TJX said.
Last Sunday’s 60 minutes had a report by Lesley Stahl about the now-infamous TJX data breach.
When TJX revealed earlier this year that they’d failed to keep safe over 45 million customer credit card accounts, they were hit with both consumer and bank class action lawsuits. Now they’ve submitted a proposed settlement for the consumer class action suit that includes a strange, somewhat insulting offer: a “one-day sale” for victims of the theft. Attorneys general from eight states have filed an objection against the proposal, citing that even if it’s a well-intentioned goodwill gesture, it doesn’t belong as part of any official, legal settlement, which should be designed to benefit the victims rather than the retailer.
According to new court papers, Visa and Mastercard are saying that the TJ Maxx security breach actually affected 94 million accounts—more than double the amount that TJ Maxx reported.
Mouseprint.org has read the fine print and they say you’re probably out of luck when it comes to the TJ Maxx Settlement:
So, it is primarily shoppers who returned goods without a receipt during the relevant period who qualify for that part of the settlement. That amounts to some 455,000 people, a mere 1% of the total number possibly affected. These people have already received a direct notification of the breach from TJX, and will also be entitled to other compensation if they experienced actual losses.
The announcement did not specify the settlement cost, but noted that its estimated costs were included in a $107 million reserve included in its second-quarter report for fiscal 2008 and its estimate of $21 million in costs expected in fiscal 2009. The $107 million figure includes costs from other lawsuits not included in the customer class actions, the Framingham-based company said.
The infamous TJ Maxx data breach cut parent company TJX’s profits by more than half. The total bill for the breach? $256 million. [Boston Globe]
The Wall Street Journal is reporting that the most likely scenario for how the hackers stole an estimated 200 million card numbers is as simple as a person with a laptop breaking into the wifi network of a store:
The biggest known theft of credit-card numbers in history began two summers ago outside a Marshalls discount clothing store near St. Paul, Minn.