Friday, November 27, 2009

This breach continues to grow. Absent mandatory disclosure laws, it's not easy to piece together a clear picture of what happened.

http://www.databreaches.net/?p=8553

Spanish breach causes “largest bank-card security breach in Czech history”

November 26, 2009 by admin Filed under Breach Incidents, Financial Sector, ID Theft, Non-U.S., Of Note

Stephan Delbos reports:

Clients of four major Czech banks could find their accounts blocked at their next visit to the ATM as a result of the largest bank-card security breach in Czech history. [Did they even have credit cards under communism? Bob]

ČSOB, Raiffeisenbank, Česká spořitelna and Volksbank CZ have begun blocking thousands of bank cards for customers who made transactions in Spain in spring and summer this year after it was reported that fraudsters had stolen information necessary to access these accounts, including account numbers and pin codes. Approximately 100,000 accounts in the Czech Republic could be affected by the blockages, according to the Bank Card Association.

“In the spring and summer months this year in Spain, there was a relatively extensive data leakage concerning payment cards, probably from a system processor such as an ATM,” said Roman Kotlán of the Czech Bank Card Association. “There have been reports of the misuse of stolen data to manufacture counterfeits and make payments to merchants in different parts of the world.”

Read more in the Prague Post.

[From the article:

"The whole process of blocking the account and re-issuing a new card will take about a week," he said. [One of those measures you don't often see reported. Still, most of the process is automated so the labor costs are low. Bob]



Apparently this is not related to the Aloha device, but the technique appears to be the same. Somewhere there is a school for crooks who want to learn “How to Steal Bunches of Credit/Debit cards”

http://www.databreaches.net/?p=8523

Hackers steal credit-card numbers from restaurant customers

November 26, 2009 by admin Filed under Breach Incidents, Business Sector, Hack, ID Theft, Malware, U.S.

Theodore Decker reports:

Diners who frequent a popular Downtown restaurant should review their charge-card statements because hackers broke into its computer system to loot debit- and credit-card numbers, police said today.

Between 30 and 50 people have reported fraudulent charges on their accounts, and Columbus detectives said that anyone who used a charge card at Tip Top Kitchen and Cocktails in July or August is at risk.

Detective Wyatt Wilson of the Columbus police fraud/forgery unit said police began linking reports of credit-card fraud in October. Cross-checking the victims’ accounts revealed Tip Top, which is on E. Gay Street, as a common denominator, he said.

Read more in the Columbus Dispatch.

In case you’re wondering, no, Tip Top was not using the Aloha POS system. The restaurant informs DataBreaches.net that they were using 2Touch POS. According to a restaurant spokesperson, 2Touch used VNC software “so 2Touch can do maintenance, install updates etc from their offices.”

An “unknown IP address” was found on the VNC logs as well as malware. VNC has been disabled and the malware removed. Hard drives have even been replaced for good measure. So far the CPD has traced the IP address to somewhere in Europe. [Isn't it wonderful how the Internet brings us all together in one global community? Bob]


(Related)

http://www.databreaches.net/?p=8537

NZ: Skim versus hack: Council still in the dark

November 26, 2009 by admin Filed under Breach Incidents, Government Sector, Non-U.S.

Rob O’Neill reports:

Auckland City is referring all enquiries about how its carparking systems were compromised, leading to the reissue of thousands of credit cards, to Westpac, which is leading the investigation into the incident.

Spokesman Glyn Jones says the council “hasn’t been told conclusively” whether skimming or hacking were used to breach customer security. The banks are conducting the investigation into the incident, he says.

[...]

Earlier today, a note on the Public Address system website indicated the city’s PCI credit card certification was “under serious review”.

“Basically, internal systems at Auckland City have been compromised,” the leak, attributed to “Mr A. Source”, said.

However, Jones says the council has had no indication from the banks that is the case.

Read more on Computerworld (NZ)

[Update on the Computerworld site:

The New Zealand Herald has raised the possibility of a spoofing attack being behind the incident.

… A banking investigation has raised the possibility that stolen credit card details of tens of thousands of New Zealanders are in the hands of a Russian or Albanian gang.

The theft of credit card details from payment machines at the Downtown carpark in central Auckland had all the hallmarks of a Russian or Albanian hacking ring preying on soft targets, [Soft targets here are defined as those that use default passwords, unencrypted wireless, and every other “worst practices” we teach students in “Introduction to Computer Security.” Bob] a source close to the investigation told the Herald.

… The source said the gang was believed to be based in the United States, but probably masked its identity by using internet addresses in other countries.

Several people have contacted the Herald to say their credit cards were used fraudulently to buy goods at a Walmart chain store in the American city of Phoenix, Arizona, after being used at the Downtown carpark.

… Police spokeswoman Kaye Calder said New Zealand representatives of Interpol and fraud staff at police national headquarters had not been advised of the scam. [??? Bob]

Westpac and other banks, Mastercard and Visa have refused to reveal the scale of the problem. [Does that indicate the problem is huge? Bob]

… More than 100,000 cards are believed to be affected.

Westpac is refusing to say how long the scam ran, but a source in the finance industry said it was possibly years.

Auckland IT consultant Steven Ellis said he received a new credit card three weeks ago to replace a card he last used at the Downtown carpark about 14 months ago.



Another case of “Our policy was inconvenient, so we ignored it.”

http://www.databreaches.net/?p=8528

UK: Action taken after details of 110,000 individuals are stolen

November 26, 2009 by admin Filed under Breach Incidents, Financial Sector, Non-U.S., Of Note, Subcontractor, Theft

The Information Commissioner’s Office (ICO) has found Verity Trustees Ltd to be in breach of the Data Protection Act after the Trustees reported the theft of a laptop computer containing the names, addresses, dates of birth, salaries and national insurance numbers of around 110,000 individuals.

The laptop, which also contained the bank details of around 18,000 individuals, was stolen from a locked server room at Northgate Arinso – suppliers of the Trustees’ computerised pensions administration system. The data was downloaded for training purposes in breach of Northgate Arinso’s policy of only using an anonymised data sample for 50 to 100 pension scheme members.

A formal Undertaking has been signed by Verity Trustees Ltd to ensure that personal data is processed in accordance with the Data Protection Act. Verity Trustees Ltd will ensure portable and mobile devices used to store and transmit personal data are suitably encrypted. Adequate written contracts that encompass data security obligations will also be put in place with data processors as soon as is practically possible.

Mick Gorrill, Assistant Information Commissioner at the ICO, said: “This is a stark reminder of how easy it can be to put so many people’s details at risk. Failure to follow security policies and downloading such a vast amount of information has resulted in thousands of individuals’ personal details being compromised. It is encouraging to see that the Trustees have taken remedial steps, including the engagement of a fraud protection service provider to protect the affected individuals.

I am also satisfied that the Trustees will now take appropriate steps to ensure individuals’ details are protected.”

Failure to meet the terms of the Undertaking is likely to lead to enforcement action by the ICO. A copy of the Undertaking can be downloaded from http://www.ico.gov.uk/what_we_cover/data_protection/enforcement.aspx

Source: ICO



How about that? Even the government can sometimes grasp the obvious.

http://www.computerworld.com.au/article/327812/victorian_auditor_general_slams_public_sector_privacy

Victorian Auditor-General slams public sector privacy

Information security policy, standards and guidance for the sector are incomplete and too "narrowly focused" on ICT security

Tim Lohman 26 November, 2009 13:26

The confidentiality of personal information collected and used by the public sector can be, and has been, easily compromised, a Victorian Auditor-General report has found.

The Maintaining the Integrity and Confidentiality of Personal Information report, which examined information security in three Victorian government departments, found that the ability to penetrate databases, the consistency of its findings and the lack of effective oversight and coordination of information security practices strongly indicate that this phenomenon is widespread.

… “Risks cannot be managed where an agency is not aware of them, or does not understand their significance,” the report reads. “Without substantiation, attestations by agency heads about the effectiveness of controls have no value.”

The Victorian Auditor-General also made a number of recommendations to resolve these issues which can be read in the report.



Slumdog Big Brother? Stimulating the economy by paying 80% of the population to spy on the other 80%?

http://yro.slashdot.org/story/09/11/27/0316240/India-To-Have-Automatic-Communications-Monitoring?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

India To Have Automatic Communications Monitoring

Posted by timothy on Friday November 27, @01:37AM from the top-down-with-a-vengeance dept.

angry tapir writes

"India plans to set up a centralized system to monitor communications on mobile phones, landlines and the Internet in the country, a minister has told the Rajya Sabha, the upper house of Parliament. Indian laws allow the interception and monitoring of communications under certain conditions, including to counter terrorism. A pilot of the new Centralized Monitoring System (CMS) is to be started by June next year, subject to clearances by other government agencies."



Learn all you can about Cloud Computing. Most organizations will be using it soon.

http://www.pogowasright.org/?p=5775

ENISA Report Examines Cloud Computing and Privacy

November 26, 2009 by Dissent Filed under Featured Headlines, Internet, Non-U.S.

From EPIC.org:

The European Network and Information Security Agency has released a new report on Cloud Computing. The ENISA report recommends that European officials determine the application of data protection laws to cloud computing services. The report also considers whether personal data may be transferred to countries lacking adequate privacy protection, whether customers should be notified of data breaches, and rules concerning law enforcement access to private data. Earlier this year, EPIC filed a complaint with the Federal Trade Commission, urging the Commission to examine the adequacy of privacy safeguards for cloud computing services. A subsequent letter by computer researchers, addressed to Google CEO Eric Schmidt, raised similar concerns.

[From the report:

The key conclusion of this paper is that the cloud’s economies of scale and flexibility are both a friend and a foe from a security point of view. The massive concentrations of resources and data present a more attractive target to attackers, but cloud-based defences can be more robust, scalable and cost-effective.



I thought this was a collection of open source software, apparently not.

http://tech.slashdot.org/story/09/11/26/1356246/Microsoft-Issues-Takedown-Notices-Over-COFEE?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Microsoft Issues Takedown Notices Over COFEE

Posted by Soulskill on Thursday November 26, @10:27AM from the horses-and-barn-doors dept.

Eugen tips news that Microsoft has sent DMCA takedown notices to several websites to stop them from offering the Computer Online Forensic Evidence Extractor (COFEE) tool for download after it was leaked earlier this month. One of the sites, Cryptome.org, has posted their correspondence with Microsoft over the software. "... Microsoft contacted Network Solutions, which hosts Cryptome, and since John Young, the owner of the website, wasn't too keen on losing his whole website for the sake of a single 15MB file, he removed the download link and sent Network Solutions a notice of compliance."

[Of course, you can still get it on the Pirate Bay site (or so I've been told)

http://thepiratebay.org/torrent/5156601



Certainly not unexpected. The world is warming, just not fast enough for some politicians. Politicians control grant money. See where I'm going with this?

http://wattsupwiththat.com/2009/11/25/uh-oh-raw-data-in-new-zealand-tells-a-different-story-than-the-official-one/

Uh, oh – raw data in New Zealand tells a different story than the “official” one.

25 11 2009

Reposted from TBR.cc Investigate magazine’s breaking news forum:

New Zealand’s NIWA accused of CRU-style temperature faking

The New Zealand Government’s chief climate advisory unit NIWA is under fire for allegedly massaging raw climate data to show a global warming trend that wasn’t there.

The scandal breaks as fears grow worldwide that corruption of climate science is not confined to just Britain’s CRU climate research centre.



This is interesting. My web site students might (better!) find it useful.

http://www.thumboo.com/centennial-man.blogspot.com/#size

Thumboo

Online Thumbnail Generator

Quickly generate an instant web screenshot of any site!



I'd use one of these if I had a CD collection...

http://www.makeuseof.com/tag/5-free-tools-to-quickly-convert-a-cd-to-an-mp3-collection/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Makeuseof+%28MakeUseOf.com%29

5 Free Tools To Quickly Convert A CD To An MP3 Collection

Nov. 27th, 2009 By Sharninder
