Let’s spin the Wheel of Credit Card Fraud and see which chain has had its payment systems compromised by malware today! Ah, this time it’s pizza buffet restaurant Cici’s, which announced this week a payment card breach that in some restaurants dates back to the beginning of 2015. [More]
As you may remember, earlier this summer, fast food and salad experience restaurant Wendy’s confirmed that “considerably more” than 300 of its stores fell victim to a malware attack starting in late 2015. Now, the fast food giant is spilling the chili beans on what customer information the hackers took. They extracted cardholder names, credit and debit card numbers, and card expiration dates. [More]
Remember the suspected payment data breach at Wendy’s restaurants from earlier this year, which resulted in a class action lawsuit almost right away? It took a few months, but Wendy’s has confirmed that they did experience a breach dating back to fall 2015, and they’ve now fixed the underlying problem, which affected an estimated 5% of their restaurants. [More]
Two months ago, reports from banks indicated that there may have been a credit card breach from the payment systems in on-site stores, coffee shops, and restaurants in Hilton-owned hotels. Reservation and payment systems for hotel rooms were not affected. Hilton confirmed the breach late yesterday, warning customers who had used payment cards to check their statements. [More]
While big companies have been known to offer “bounties” to white-hat hackers to test for weaknesses in their networks and websites to ensure they aren’t one day breached in a cyber attack, it’s too late for AshleyMadison.com, the dating site for cheaters. After the embarrassment of having its users’ private information made very public, the site is now dangling several hundred thousand dollars as a reward for information leading to the arrest of the group behind the massive hack. [More]
Very Personal Information For Over 30 Million Ashley Madison Users Set Loose On Internet In Wake Of Hack
Ashley Madison, the website for cheating cheaters who specifically want to go have an affair, was hacked in July. A day later, the company said that it was working to secure its users’ data and all personally identifiable data had been taken down. But perhaps the company is taking after the worst habits of its member base, because that too turns out to be a pack of dirty lies: the full data for over 30 million Ashley Madison accounts is now out there in the wild. [More]
Sally Beauty: Investigation Confirms Customer Payment Info May Have Been Put At Risk, But Not Debit PINs
Three weeks after Sally Beauty first said it was looking into whether it’d been the victim of a hack attack, the company says it’s confirmed that criminals used malware on some of its point-of-sale systems, possibly exposing payment information for customers who used cards at some of its U.S. stores. [More]
After the news yesterday that the Internal Revenue Service reportedly suspects Russian identity thieves were behind a breach that allowed thieves to access information for approximately 100,000 taxpayers, the Federal Bureau of Investigation says it’s now investigating the incident. [More]
United Offers “Bug Bounty” Of Up To 1 Million Miles For Hackers Who Find Vulnerabilities In Website, Mobile App
While big companies are known to quietly seek out the services of white-hat hackers to test for weaknesses in their networks and websites, it’s not every day that a major airline publicly offers a “bounty” to people who can diagnose vulnerabilities in its systems. [More]
Park-N-Fly, as you may be able to guess from the name, is a company that provides parking and shuttle services at airports. Customers can make parking reservations and pay online before their flights, which is very convenient. However, the company may have been the latest victim of a payment information breach, according to reports from card-issuing banks. [More]
It’s no longer surprising news when hackers infiltrate the systems of a brick-and-mortar retailer and run off with our credit card numbers. Shoppers have come to expect that kind of thing as a normal part of shopping. However, it’s interesting (and a bit scary) to note that two relatively small breaches at national chains could be linked. [More]
AT&T knows it needs to step up if it wants to be taken seriously these days as a wireless provider, so it’s been beefing up 3G coverage, rejiggering data plans, and of course ramping up the speed at which it leaks your private data to strangers. In fact, according to multiple reports from AT&T customers, the company has managed to pull off the neat trick of logging customers in to strangers’ accounts today during the iPhone 4 pre-order fiesta. See? You no longer have to wait until you’ve got the device in hand to worry about privacy issues. [More]
Albert Gonzalez, the mastermind behind most of the multi-million dollar credit card breaches in the past few years, is being sentenced this week. (Feds are asking for 25 years.) Now his former accomplice, Stephen Watt, has told Wired that while Gonzalez was busy stealing and selling credit card data he was also being paid under the table by the U.S. Secret Service to inform on others, earning as much as $75,000 in cash annually. [More]
This fall, credit card processors will being rolling out a new approach to preventing data theft, based on the assumption that it’s impossible to thwart every attack. Instead of keeping 100% of criminals out, they’ll segment and encrypt the data into such small chunks that it will no longer be a cost-effective crime.
The U.S. Secret Service has arrested three men in Florida on “hundreds of counts of credit card fraud” for using fake gift cards imprinted with account info stolen from Heartland Payment Systems last year. The Secret Service still thinks an Eastern European group is behind the Heartland breach, and that the Florida guys are smaller-time crooks who most likely purchased a subset of the stolen data.
We’ve received queries from readers telling us that their Citibank cards have been replaced, and asking whether we’ve heard about any new security breach. Other than Forever 21 we haven’t, so we’re wondering whether they’re responsible for the stories below.