A Massachusetts restaurant chain agreed to pay a $110,000 fine to settle a complaint that alleged hackers nabbed customers’ credit card and debit card info in 2009. [More]
data breaches
TJX Hacker May Have Also Been Working For The Secret Service For $75,000 A Year
By 3.23.10
Albert Gonzalez, the mastermind behind most of the multi-million dollar credit card breaches in the past few years, is being sentenced this week. (Feds are asking for 25 years.) Now his former accomplice, Stephen Watt, has told Wired that while Gonzalez was busy stealing and selling credit card data he was also being paid under the table by the U.S. Secret Service to inform on others, earning as much as $75,000 in cash annually. [More]
State Job Website Has Great Opportunities For Self-Starting Identity Thieves
By 10.26.09
CBS 5 exposed a “gaping hole” in the code of California’s state-run employment website that allows anyone who views the site to access and modify other users’ resumes and personal info simply by changing some numbers in the URL.
Wave Of Fake Debt Collectors Hints At Possible Data Breach
By 8.4.09
The Better Business Bureau has released a warning to be aware of scammers calling to threaten people with arrest “within the hour” for defaulting on payday loans. What makes them stand out from normal debt collecting scammers is these callers have huge amounts of personal info on their victims, including Social Security and drivers license numbers; old bank account numbers; names of employers, relatives, and friends; and home addresses.
Hacked Company: Notifying Customers Of Breach Is A "Burden"
By 7.27.09
Network Solutions, an e-commerce company, just experienced a data breach that resulted in them compromising 573,000 credit and debit card accounts. The company has begun to notify merchants of the breach so they can tell their customers, but gosh, it’s just so hard.
Visa Covers Butt By 'Delisting' Breached Credit Card Payment Processors
By 3.18.09
Visa has removed Heartland Payment Systems and RBS WorldPay, the two huge payment processors that suffered recent data breaches, from its list of companies that are in compliance with Payment Card Industry (PCI) rules. It says they can get back on the list when they recertify that they have proper security in place. While this may sound like a significant change in the status of the companies, in reality it does little to change how the three companies do business with each other or with merchants. It’s just a way for Visa to protect itself from any upcoming lawsuits by banks and credit unions against the payment processors.
Stein Mart Settles Personal Data Breach By Offering… Coupons
By 7.8.08
Stein Mart was caught “printing expiration dates and/or more than the last five digits of credit cards on receipts,” and was subsequently hit with a class action lawsuit for exposing sensitive customer data. Now they’ve settled by agreeing to run coupons in local newspapers. It gets better: instead of a flat 20% off coupon, the store is requiring minimum-purchase amounts that reduce the savings if your purchase falls between the arbitrarily set thresholds.
- $10 off a purchase of $50 or more
- $20 off a purchase of $100 or more
- $30 off a purchase of $150 or more
We need a new federal law that says class action lawyers have to be compensated in the same manner as their clients. Give those hard working guys and gals some $30-off coupons, please!
Montgomery Ward's Hacked 6 Months Ago, But Victims Weren't Told
By 6.30.08
Somewhere between 51,000 and 200,000 records were stolen from Montgomery Ward’s servers last December—the company says it’s the smaller number, but CardCops, the group that spotted the hack in the first place, “spotted hackers touting the sale of 200,000 payment cards belonging to one merchant” in June, which is how the story became public. Montgomery Wards knew about the breach when it happened, and although they reported the crime to federal investigators, they didn’t tell any of the victims. The CEO of Direct Marketing Services, which owns the Montgomery Ward name, told the Associated Press that after he alerted investigators he felt his company “had met its obligations.”
Librarian Takes Sprint Nextel & Wells-Fargo To Small Claims Court And Wins
By 2.22.08
Last December, Theodore Karantsalis received a letter from Sprint, where he was a customer, telling him that someone who banks with Wells-Fargo—where he’s not a customer—was presented with his invoice and personal data when they logged into their Wells-Fargo Checkfree account. The customer contacted Sprint, and Sprint contacted Karantsalis. Karantsalis decided that he’d deal with the issue on his own instead of bringing a lawyer into it or throwing his hands up in frustration, so he took both companies to small claims court.
