SC Magazine reports, in what may be its most devastating attack since HBGary, the Anonymous hacktivist collective rooted the database of security intelligence firm Stratfor to plunder a claimed 200 gigabytes of data. One of Anonymous’ most visible members, Sabu, said on Twitter that the group pilfered some 90,000 credit card numbers, which were purportedly used to make about a million dollars in donations to charities. Some security experts, however, expressed doubt that the recipients would be able to keep the money because of the fraud involved. Most embarrassing, it appears Stratfor failed to encrypt any of its credit card information, despite promises “to maintain safeguards to protect the security of these servers and your personally identifiable information,” according to its privacy policy.
Bank Info Security reports Modesto, California-based grocer Save Mart Supermarkets confirms that at least 80 employees and customers have reported account compromises linked to a data breach discovered Nov. 23. According to a Dec. 5 statement issued by Save Mart, reports of compromised bank account data or attempts to access bank account data escalated over the weekend. Tampered-with card readers are suspected of affecting self-service checkout terminals in 23 Save Mart and Lucky Supermarkets, which also are owned and operated by Save Mart. Save Mart owns and operates more than 233 stores in Northern California.
The Register reports Visa is investigating the possible breach of a payment processor in Europe that may have compromised more than 10,000 cards in Eastern Europe. In a statement issued on Thursday, according to IDG News, the issuer said: “Visa Europe has been informed of a potential data security breach at a European processor and an investigation is underway. We are working closely with our member banks to ensure cardholders are protected.” The statement didn’t name the processor or the country where it’s located.
The statement came a day after a news article published by Romania Business Insider cited Visa Europe’s general manager as saying Romania’s CEC Bank blocked 17,000 payment cards because of suspicions they had been compromised. A statement issued by CEC Bank, according to SC Magazine, said: “The bank has been informed that a number of cards issued by banks in Romania and abroad have been potentially compromised through an international database. CEC Bank has decided to block the cards and reissue a new card and PIN, at no cost, for a number of cards in its portfolio.”
Delaware Online reports identity theft can be a rude awakening for many business travelers. Last year, identity theft made up 19 percent of the 1.3 million complaints stored in the Consumer Sentinel Network, a secure online database available to law-enforcement agencies. Experts say business travelers are especially vulnerable because they increasingly rely on electronic devices that easily can be lost or hacked. Credant Technologies, a data-protection company, found that travelers have lost 11,000 mobile devices at the busiest U.S. airports this year, 37.5 percent of them laptops and 37.2 percent tablets or smartphones. Hotels also are prime targets for people looking to steal financial data. In a study of 200 data-breach cases, Trustwave’s SpiderLabs, the online security company’s research arm, found 38 percent occurred at hotels or resorts.
MarketWatch notes it’s hard to put a price tag on security and privacy, but a recent study of consumers’ online and mobile purchasing attitudes conducted by Javelin Strategy & Research and PaymentOne found 4 out of 5 consumers would spend more online if offered an easier and more secure way to pay. The survey also found that by a margin of almost 4 to 1, consumers believe direct carrier-billed mobile payments are more secure than using credit and debit cards for online digital purchases. The Javelin survey also found that online merchants could add aggregated yearly revenue of $109.8 billion, simply by offering an alternative “no-credit-card-required” way to pay at checkout.
Help Net Security reports customers of US food service wholesaler Restaurant Depot and “cash and carry” chain Jetro, have begun receiving letters warning them about the possibility of their credit card details having been stolen by cyber criminals. Forensic experts discovered that the theft of the information in question was executed with the use of malware installed onto the credit and debit card processing systems used by the company. The malware would temporarily store the information and ultimately send it to a server located in Russia.
Krebs on Security reports malicious hackers are targeting a previously unknown security hole in Adobe Reader and Acrobat to compromise Microsoft Windows machines, Adobe warned recently. Adobe says attackers are taking advantage of a newly discovered critical flaw that exists in Adobe Reader X (10.1.1) and earlier versions for Windows and Mac systems, and Adobe Reader 9.4.6 and earlier 9.x versions for UNIX, as well as Adobe Acrobat X (10.1.1) and earlier for Windows and Mac machines. A security bulletin warns of reports that the vulnerability is being actively exploited in “limited, targeted attacks in the wild against Adobe Reader 9.x on Windows.” Adobe said it plans to ship an emergency update to address the vulnerability in Reader 9.x and Acrobat 9.x on Windows no later than the week of Dec. 12. Citing protections built into newer versions of its software, however, Adobe said it would not fix the flaw in Reader X or Acrobat X versions for Windows, Mac, or UNIX versions until Jan. 10, 2012, the date of its next scheduled quarterly security update.
CSO Security and Risk reports a U.S. district court in Texas has dismissed all but one of the claims brought by several banks against Heartland Payment Systems over the massive data breach the payment processor disclosed in January 2009. Judge Lee Rosenthal of the U.S. District Court for the Southern District of Texas ruled that the banks had basically failed to state proper claims for seeking damages from Heartland. A total of nine banks filed suit against Heartland, claiming it had acted negligently, violated consumer protection laws in multiple states and breached its contractual obligations to the financial institutions. In his ruling, Rosenthal dismissed the negligence claims and the contractual obligation claims. Rosenthal did, however, leave room for the banks to file an amended breach-of-contract complaint in future if they chose to. He also let stand a claim the banks had filed under the Florida Deceptive and Unfair Trade Practices Act. Heartland in 2009 disclosed that unknown hackers had broken into its networks and improperly accessed data on close to 130 million credit and debit cards over a period of several months. The breach, which continues to be the largest ever involving payment cards, resulted in Heartland being hit with a flurry of lawsuits by consumers as well as by banks that had to block, recall and reissue millions of compromised cards.
WKRN TV in Nashville reports a student who was just a few credits away from earning a PhD at the University of Georgia has been sentenced to 70 months in prison in a credit card scam. According to court documents, 25 -year-old Carlton Lewis directed a scheme in which waitresses at restaurants around the Southeast would skim credit card numbers from customers. Lewis and other defendants would make counterfeit cards with the stolen numbers and use them to purchase gift cards and merchandise.
The Winnipeg Free Press reports bad driving has sunk an alleged credit card fraud scheme by three suspects visiting from Toronto. The Winnipeg police canine unit became suspicious when it pulled over a vehicle due to a driving infraction. Inside the vehicle they found 38 counterfeit debit cards, over $10,000 in cash, electronic equipment used in credit card fraud, and credit card gift cards. Police allege the accused traveled throughout Winnipeg using counterfeit debit cards to make withdrawals and purchases. Three people from Toronto were arrested. Sugenthan Sven Thirunavukarsu, 25, Niroshon Placidass, 23, and Nathalie Renee Graham-Hunt, 23, have been charged with numerous fraud related offenses.
