User Name: Password:
Credit Card
Credit Card

Card Data Breaches

Target to Settle Data Breach Lawsuit for $10 Million

March, 2015

Dark Reading reports individuals who are able to prove they suffered financial losses as a direct result of the data breach at Target in late 2013 will be eligible for up to $10,000 in damages under a proposed settlement of a class-action lawsuit against the retailer. Target will set aside $10 million in an interest-bearing escrow account to fund claims made by individuals under the settlement, court documents filed in the U.S. District Court for the District of Minnesota show. Funds that remain after all claims have been settled will not revert back to Target and will instead be distributed according to the court’s instructions. Under the proposed settlement Target has also agreed not to contest any award of attorney’s fees that do not exceed $6.75 million the court documents show.

Nussle: CUs Still Wait for Over $30M Lost from Target Breach

March, 2015

CUNA News notes despite the recent announcement by Target of a $10 million settlement for a consumer class-action lawsuit related to its 2013 data breach, credit unions are still waiting to be reimbursed for the nearly $30 million of costs they incurred in response to the breach.  The settlement only covers payments to consumers for damages they may have incurred.  It does not cover costs credit unions and other financial institutions incurred as a result of the breach. CUNA President/CEO Jim Nussle weighed in on the Target news: “For 15 months, credit unions and their members have been pushed to the back burner waiting to be reimbursed for over $30 million lost, at no fault of their own, due to Target’s failure to safeguard the data of its customers.  Further, it shouldn’t take a court-approved settlement for Target to provide basic security measures to protect American consumers from data breaches.

Breach at Premera Blue Cross Affects 11 Million

March, 2015

ThreatPost reports hackers wriggled their way into the servers of health insurance provider Premera Blue Cross 10 months ago, and potentially exposed the information of 11 million members, employees and other associates. The provider announced yesterday that customer information, including names, dates of birth, email addresses, addresses, telephone numbers, Social Security numbers, identification numbers, bank account information, and claim information—including medical ailments–may have been leaked by hackers. Prospective customers, including Blue Cross Blue Shield members who sought treatment in either Washington or Alaska, are believed to be affected as well, as are any individuals who may have given the company their email address, bank account number or Social Security number.

Apple Pay: A New Frontier for Scammers

March, 2015

The Guardian reports criminals in the U.S. are using the new Apple Pay mobile payment system to buy high-value goods – often from Apple Stores – with stolen identities and credit card details. Banks have been caught by surprise by the level of fraud, and the Guardian understands that some are scrambling to ensure that better verification and checking systems are put in place to prevent the problem running out of control, with around two million Americans already using the system. The crooks have not broken the secure encryption around Apple Pay’s fingerprint-activated wireless payment mechanism. Instead, they are setting up new iPhones with stolen personal information, and then calling banks to “provision” the victim’s card on the phone to use it to buy goods. A credit or debit card can only be added to Apple Pay when its issuing bank beams over an encrypted version of the card details to store on the phone – which it should only do when certain the real owner is using it.

Target Breach Costs: $162 Million

March, 2015

Bank Info Security reports Target’s breach-related expenses not covered by insurance have totaled $162 million so far, its latest financial report shows. And experts says the breach could continue to have a financial impact for years to come. Gross expenses stemming from Target’s data breach in December 2013 have totaled $252 million. But insurance has covered $90 million of that cost. The breach exposed 40 million payment cards and personal information on 70 million customers. While breach response costs are on a downward trend, Target will continue to feel the impact from the breach for years to come, according to Rick Holland, principal analyst at Forrester Research. He notes litigations like the one in federal court in Minnesota could drag this painful breach on for quite some time.

One Billion Data Records Stolen in 2014

February, 2015

CUNA notes nearly 1 billion pieces of personal information were compromised in 2014 as a result of data breaches, with the retail industry allowing the highest number of incidents, according to a report from digital security firm Gemalto, based in the Netherlands. Breaches climbed by 49% overall in 2014 with 1,500 attacks, while the number of individual data records that were compromised jumped 78%, the report found. The majority of breaches (55%) occurred at merchant stores, up from 29% in 2013, with an increase seen in the number of attacks on point-of-sale systems as well. CUNA continues to urge lawmakers to pass legislation that would require merchants to adhere to the same strict payment data security standards that financial institutions must meet. While breaches often take place at merchant stores, credit unions and other financial institutions often are on the hook for the costs associated with rectifying a consumer’s financial situation. A CUNA survey found that the Home Depot breach alone cost credit unions $57.4 million in breach-related costs.

POS Malware Threatens Payment Cards Used at Gateway Arch Shops

February, 2015

SC Magazine reports Jefferson National Parks Association announced on Friday that malware was identified on point-of-sale (POS) devices at two gift shops at the Gateway Arch in St. Louis, and payment card information may have been compromised for anyone who used their payment cards at those terminals. The number of victims is unknown at this time. Payment card information may have been compromised, including names, payment card numbers, and expiration dates. Jefferson National Parks Association immediately suspended use of its networked payment systems. The malware has been disabled from the systems, and a stand-alone payment processing system is now being used. An investigation is ongoing.

Seattle Game Producer Reports Breach

February, 2015

Data Breach Today reports Big Fish, a Seattle-based online game producer and distributor, is notifying an undisclosed number of customers that their payment card information may have been compromised following a malware intrusion. The company became aware of the incident on Jan. 12, according to a copy of their breach notification, which was provided to the California Attorney General’s Office. According to Ian Hurlock-Jones, the company’s chief technology officer, an unknown criminal installed malware on the billing and payment pages of company websites that appears to have intercepted customer payment information. Information that may have been exposed includes names, addresses, payment card numbers, expiration dates and CVV2 codes, Big Fish says.

Payment Security Initiatives Unveiled

February, 2015

Bank Info Security reports the Feb. 13 White House Summit on Cybersecurity and Consumer Protection was the stage for more than a dozen companies and trade groups to announce new initiatives aimed at securing internet transactions and payments and reducing fraud. According to a White House fact sheet, Visa will commit to tokenization, substituting credit card numbers with randomly generated tokens for each transaction by the end of March. And MasterCard will invest more than $20 million in new cybersecurity tools, including the deployment of Safety Net, a new security solution that will reduce the risk of large-scale cyber-attacks. The card brands also are participating in the administration’s Buy Secure Initiative, pledging to collaborate with Apple, Comerica Bank and U.S. Bank to make ApplePay, a tokenized, encrypted mobile payments service, available for users of federal payment cards.

Hackers Continue Breaching, Stealing Credit Card Data from Parking Services

February, 2015

Help Net Security reports the hackers behind the Target and Home Depot data breaches have struck again, and this time the victims seem to be the customers of Book2Park.com, an online parking reservation service available at a variety of US airports. According to Brian Krebs and his sources from several banks that bought a handful of cards from a new batch put on sale on popular carder online store Rescator[dot]cm, the common denominator is that all the cards were recently used by their rightful owners to make parking reservations at Book2Park.com. Anna Infante, the owner of the service, confirmed that they had a breach, but that they still don’t know what information – if any – was stolen. According to her, the tech firm they used recently discovered that someone planted malicious files on the company’s Web server. She said that they are working on discovering the extent of the breach and protecting potentially affected customers.

Article archive by topic

Card Data Breaches

Card Fraud

Identity Theft

Network Security

Skimming

Smart Cards