User Name: Password:
Credit Card
Credit Card

Card Data Breaches

216 Jimmy John’s Restaurants Affected in Data Breach

September, 2014

Data Breach Today reports the restaurant chain Jimmy John’s has confirmed a payment card data breach that affected about 216 of its locations in 40 states. Potentially exposed information includes card numbers and, in some cases, the cardholder’s name, verification code and/or the card’s expiration date. Information entered online, such as customer address, e-mail and password, remains secure, the company says. The Champaign, Illinois-based restaurant chain, which has more than 2,000 locations, did not reveal how many cards were potentially impacted. The company says it appears that customers’ payment card data was compromised after an intruder stole log-in credentials from its “point-of-sale vendor” and used the credentials to remotely access the point-of-sale systems and install malware at some corporate and franchised locations between June 16 and Sept. 5.

Home Depot Was Hacked by Previously Unseen ‘Mozart’ Malware

September, 2014

The Wall Street Journal reports federal security agencies warned retailers Wednesday that a previously unseen malicious software program they are calling Mozart was used in the attack on Home Depot earlier this year. The warnings came in a report by the Department of Homeland Security that drew on findings gathered by the Secret Service, which is investigating the breach, according to people familiar with the matter. The software appeared to be customized for the home improvement retailer’s systems. While it was designed to steal credit card numbers and accomplish the same goals as computer code deployed in other giant breaches, at each turn it carried out its mission in slightly different ways to evade security gear. Mozart was a phrase that appeared in the malware’s code and appeared to be a reference to a directory on the attacker’s system. Home Depot confirmed the report and said there were specific attributes of the malware that indicated it was customized to the retailer. For instance, it used file names that blended in with legitimate filenames and are unique to Home Depot’s technology, the company said. The attack on Home Depot ran for five months and may have compromised 56 million credit and debit cards, far bigger than the holiday season attack on Target Corp.

Home Depot: 56 Million Cards Breached

September, 2014

Data Breach Today reports Home Depot says an estimated 56 million payment cards were exposed in the data breach at its U.S. and Canadian stores. Home Depot, in an updated statement, says that to evade detection, the criminals involved in the cyber-attack against it used custom-built malware, which has not been used in other attacks. The company said that it has also completed a major payment security project that provides enhanced encryption of payment data at the point of sale in the company’s 1,977 U.S. stores. The retailer’s enhanced payment security is from Voltage Security. The encryption project, launched in January, was completed in all U.S. stores on Sept. 13. The project required writing tens of thousands of lines of new software code and deploying nearly 85,000 new PIN pads to stores, Home Depot says. Rollout of enhanced encryption to 180 Canadian stores will be completed by early 2015, the company says. All Canadian stores are already equipped with EMV technology; U.S. stores will have EMV in place by the end of this year.

Home Depot Breach Confirmed, Stolen Info Used to Change Pins, Collect Money

September, 2014

Help Net Security reports Home Depot confirmed that it suffered a breach of its payment data systems. The breach could impact any customers that have, from April forward, used their payment card at the company’s U.S. and Canadian stores. Customers who shopped online at HomeDepot.com and those who shopped in the company’s Mexican stores will likely not be affected. After reassuring customers that their check information and PINs tied to their debit cards were not compromised in the breach, the company has, nevertheless, urged users to review their bank statements for suspicious transactions. Finally, they made sure to note that potentially affected customers will not be responsible for any fraudulent charges to their accounts, and they will be offered free identity protection and credit monitoring services. No more details about the breach itself were given, so it’s still unconfirmed whether the attackers used a variant of the BlackPOS (or Kaptoxa) malware to collect the payment card data, as anonymous sources reported.

Home Depot Already Faces Breach Lawsuit

September, 2014

Bank Info Security reports Home Depot has been hit with a class action lawsuit stemming from a suspected data breach at the home improvement retailer. While one legal expert portrays the lawsuit as premature, because the investigation is still under way, another says the filing was made because it’s highly likely the breach will be confirmed. The lawsuit, filed Sept. 4 in the U.S. District Court for the Northern District of Georgia, alleges that the retailer failed to meet its legal obligation to protect customers’ credit card and personal information. It also accuses Home Depot of not notifying its customers about the alleged breach, with the facts only coming out following revelations of a potential incident by security blogger Brian Krebs.

Nearly All U.S. Home Depot Stores Hit in Data Breach

September, 2014

Krebs on Security reports new data gathered from the cybercrime underground suggests that the apparent credit and debit card breach at Home Depot involves nearly all of the company’s stores across the nation. Evidence that a major U.S. retailer had been hacked and was leaking card data first surfaced September 2 on the cybercrime store rescator[dot]cc, the shop that was principally responsible for selling cards stolen in the Target, Sally Beauty, P.F. Chang’s and Harbor Freight credit card breaches. As with cards put up for sale in the wake of those breaches, Rescator’s shop lists each card according to the city, state and ZIP code of the store from which each card was stolen. A comparison of the ZIP code data between the unique ZIPs represented on Rescator’s site, and those of the Home Depot stores shows a staggering 99.4 percent overlap.

BackOff Not to Blame for GoodWill Breach

September, 2014

Dark Reading reports that despite the retail industry’s new fervor over the Backoff malware, it was Rawpos, not Backoff, that is to blame for the breach at Goodwill retail stores, reported in July. Symantec gave Rawpos a risk rating of “very low” when they discovered the infostealer in February. Very low risk or not, Rawpos was used to compromise 330 of Goodwill’s independently operated “member” stores in 20 US states, and exposed information on 868,000 credit cards, a Goodwill representative confirms. Goodwill recently released details about the scope and nature of the breach, stating that “The investigation found no evidence of malware on any internal Goodwill systems… The impacted Goodwill members used the same affected third-party vendor to process credit card payments. Twenty Goodwill members (representing about 10 percent of all stores) that use the same affected third-party vendor were impacted.”

Dairy Queen: Another ‘Backoff’ Victim?

September, 2014

Data Breach Today reports Dairy Queen says it was recently notified by federal authorities that a limited number of its stores may have been hit by the ‘Backoff’ malware. Dairy Queen has more than 6,000 restaurants in the U.S., Canada and 18 other countries. The news comes in the aftermath of an Aug. 22 Department of Homeland Security advisory, which warned that more than 1,000 U.S. businesses have had their systems infected by Backoff, a new point-of-sale malware that has been linked to numerous remote-access attacks. An executive at one card issuing bank in the Southeast, who asked not to be named, tells Information Security Media Group that the bank has seen card fraud apparently tied to Dairy Queen transactions in recent weeks. Security blogger Brian Krebs was the first to report on a possible breach at the restaurant chain.

UPS Reveals Data Breach

August, 2014

Data Breach Today reports UPS is warning that subsidiary UPS Stores suffered a point-of-sale malware attack that compromised numerous card transactions over a seven-month period. All told, 51 of its U.S. franchised center locations across 24 states were infected, which may have resulted in attackers compromising customers’ personal information and payment card details, including some Social Security and driver’s license numbers, thus placing them at risk of identity theft and fraud. About 105,000 credit card and debit card transactions were compromised in the data breach, according to UPS spokeswoman Chelsea Lee. The number of customers affected has not been revealed.

PF Chang’s Data Breach Lasted 8 Months

August, 2014

Help Net Security reports Asian-themed US restaurant chain P.F. Chang’s China Bistro has finally provided some more details about the breach it suffered earlier this year, including the 33 restaurant locations where the security of their PoS systems was compromised. The company first found out about the compromise on June 10, 2014, when it was alerted by the US Secret Service. On the very next day, they moved to a manual processing system for all credit and debit card transactions. Once the affected hardware was replaced, they went back to their standard card processing system. The subsequent investigation revealed that the initial intrusion dates back to October 10, 2013. The company believes that the thieves made away with card numbers and, in some cases, also the cardholder’s name and/or the card’s expiration date. The stolen card data has appeared for sale on well-known carder store Rescator(dot)so in June, and was sold for prices between $18 to $140 per card.

Article archive by topic

Card Data Breaches

Card Fraud

Identity Theft

Network Security

Skimming

Smart Cards