It’s no longer surprising news when hackers infiltrate the systems of a brick-and-mortar retailer and run off with our credit card numbers. Shoppers have come to expect that kind of thing as a normal part of shopping. However, it’s interesting (and a bit scary) to note that two relatively small breaches at national chains could be linked. [More]
breaches
It's iPhone 4 Day, So Naturally AT&T Is Exposing Account Info To Strangers
By 6.15.10
AT&T knows it needs to step up if it wants to be taken seriously these days as a wireless provider, so it’s been beefing up 3G coverage, rejiggering data plans, and of course ramping up the speed at which it leaks your private data to strangers. In fact, according to multiple reports from AT&T customers, the company has managed to pull off the neat trick of logging customers in to strangers’ accounts today during the iPhone 4 pre-order fiesta. See? You no longer have to wait until you’ve got the device in hand to worry about privacy issues. [More]
TJX Hacker May Have Also Been Working For The Secret Service For $75,000 A Year
By 3.23.10
Albert Gonzalez, the mastermind behind most of the multi-million dollar credit card breaches in the past few years, is being sentenced this week. (Feds are asking for 25 years.) Now his former accomplice, Stephen Watt, has told Wired that while Gonzalez was busy stealing and selling credit card data he was also being paid under the table by the U.S. Secret Service to inform on others, earning as much as $75,000 in cash annually. [More]
Hacked Company: Notifying Customers Of Breach Is A "Burden"
By 7.27.09
Network Solutions, an e-commerce company, just experienced a data breach that resulted in them compromising 573,000 credit and debit card accounts. The company has begun to notify merchants of the breach so they can tell their customers, but gosh, it’s just so hard.
Credit Card Processors Launch A New Strategy To Defeat Theft
By 5.26.09
This fall, credit card processors will being rolling out a new approach to preventing data theft, based on the assumption that it’s impossible to thwart every attack. Instead of keeping 100% of criminals out, they’ll segment and encrypt the data into such small chunks that it will no longer be a cost-effective crime.
Three Men Arrested In Heartland Data Breach For Using Fake Visa Gift Cards
By 2.15.09
The U.S. Secret Service has arrested three men in Florida on “hundreds of counts of credit card fraud” for using fake gift cards imprinted with account info stolen from Heartland Payment Systems last year. The Secret Service still thinks an Eastern European group is behind the Heartland breach, and that the Florida guys are smaller-time crooks who most likely purchased a subset of the stolen data.
Forever 21 Aftershocks? Citibank Cancels Cards Due To Retailer Security Breach
By 9.17.08
We’ve received queries from readers telling us that their Citibank cards have been replaced, and asking whether we’ve heard about any new security breach. Other than Forever 21 we haven’t, so we’re wondering whether they’re responsible for the stories below.
Aflac Accidentally Introduces 624 Strangers To Each Other Via Mass Email
By 8.22.08
We’d hoped that Activision’s blunder would be the last one, but it turns out the HR department at Aflac can’t find the BCC field either. Reader Corey writes in to let us know he just received an email addressed to him and 623 other people who were interested in jobs with the insurance company. Our guess is some of the recipients won’t be so interested in a career with a company that doesn’t care about the privacy of its employees. After the jump, a quick guide to obscuring other recipients’ email addresses so this doesn’t happen again.
Curves Leaves Working Computer Full Of Personal Information In An Office Dumpster
By 7.4.08
UPDATE: Adam has been in contact with the owners and has posted an update on his site.
Former Employee Says TJX Security In Lawrence, Kansas Is A Joke
By 5.27.08
Remember TJX’s gigantic security breach problems last year, where data on 94 million accounts was stolen? Good for you, because apparently TJX doesn’t. A former employee of a TJX store in Lawrence, Kansas was fired recently for posting anonymous complaints online about the current sorry state of his store’s security, which included the store manager writing server login and password information on a sticky note, and the store resetting employee passwords to blank fields.
Redbox Shows Businesses How To Properly Handle A Data Breach
By 4.7.08
Redbox rents DVD movies via vending machine in drugstores and supermarkets throughout the country, and on Friday they announced that they’d found credit card skimmers attached to three of their kiosks. What’s surprising is that they ‘fessed up so quickly, and in a highly public manner—they’ve got the text “SECURITY ALERT” at the top and bottom of their website, and the email they sent to their members is detailed, forthright, and helpful, and reposted in its entirety—along with photos of sample card skimmers—on their site. Attempts at identity theft no longer surprise us, but a competent handling of the issue by a company is pretty amazing.
Maryland's Dental HMO Security Breach Was One Of Nearly 40 In The State Since January
By 4.1.08
A few days ago we linked to a Baltimore Sun article that investigated the recent accidental release of private patient data online by The Dental Network. Now the reporter who broke the story, Liz F. Kay, has contacted us with news that “this was the largest of nearly 40 breaches affecting Maryland residents” since a disclosure law went into effect in January:
Thirty-nine businesses or groups have reported losses of sensitive information involving about 87,500 Maryland residents in the three months since a state law took effect requiring that people be informed of such incidents, records show.
Hannaford Credit Card Theft Caused By Malware, Not Database Breach
By 3.31.08
Most corporate credit card data theft happens at the database level, like the massive T.J. Maxx breach. But Hannaford has notified investigators that the recent theft of 4.2 million accounts was caused by malware that was installed on the servers at each of its 300 locations. The software “intercepted data from customers as they paid with plastic at checkout counters and sent data overseas,” reports CNET.
CareFirst Dental HMO Exposes SSNs, Says You Should "Take It Seriously"
By 3.28.08
Last month, The Dental Network—a dental HMO owned by CareFirst BlueCross Blue Shield—discovered it had accidentally revealed personal data and Social Security numbers online for about 75,000 of its customers. It told the members about the screw-up three weeks later. “The company says that to its knowledge, no one has misused the information. But it says ‘the risk … should be taken seriously,'” and it’s offering affected members one year of credit monitoring. After that, as you know, the thread of identity theft plummets. Wait, what?
Chart: "10 Largest Data Breaches Since 2000"
By 3.17.08
The info-loving people at Flowing Data pulled the figures on data breaches (available at Attrition.org) and created a chart showing the top 10 biggest breaches in the past eight years. The most disturbing trend, which probably will surprise few Consumerist readers, is that the breaches are increasing in frequency.
OfficeMax says, “No Evidence of Security Breach”
By 3.15.06
“Following an extensive review of its security systems, OfficeMax says it has no reason to believe it was the company that suffered the data breach that resulted in thousands of cases of debit card fraud,” in a CNET report pointed to us by reader John.
