http://www.databreaches.net/?p=8877
BJ’s, Bank Not Liable for Credit Card Fraud
December 15, 2009 by admin Filed under Business Sector, Financial Sector, ID Theft, Of Note
CUMIS Insurance Society and the credit unions it insures have failed in their lawsuit against BJ’s Wholesale Club and Fifth Third Bank over a 2004 breach that affected 9.2 million cardholders.
The background of the case, as summarized in the court opinion:
In February, 2004, Visa and MasterCard determined that computer thieves had gained access to the computer systems on which BJ’s stored credit card transaction data at more than 150 stores, and that the breach had been ongoing since July, 2003. The breach provided the thieves access to the full magnetic stripe data from approximately 9.2 million cardholder accounts, allowing them access to cardholder names, account numbers, account expiration dates, and proprietary Visa and MasterCard security data. It was ultimately determined that the third-party transaction processing software used by BJ’s was permanently storing the magnetic stripe data in transaction logs. The agreements between BJ’s and Fifth Third contained a requirement that BJ’s comply with Visa and MasterCard’s regulations, including those prohibiting BJ’s from storing any magnetic stripe data after a transaction was completed; the agreements among Fifth Third and Visa and MasterCard required Fifth Third to ensure that its merchants complied with the regulations. BJ’s conceded that it was retaining the magnetic stripe data.
Visa and MasterCard notified all their member issuing banks that had issued any of the possibly compromised accounts. In response to this notification, the plaintiff credit unions closed all their potentially compromised accounts, without regard to whether fraudulent charges had been made on a particular account; advised cardholders to destroy their old plastic credit cards; and issued new account numbers and new plastic credit cards to all affected cardholders. Cumis paid the plaintiff credit unions millions of dollars for fraudulent transactions made using the compromised accounts; the plaintiff credit unions and Cumis then commenced this action.
The credit unions and their insurer, Cumis, argued that they were third-party beneficiaries of contracts between card brands and Fifth Third and between BJ’s Wholesale Club and Fifth Third. The court did not agree. Jeff Gorman reports that
The trial court sided with BJ’s, and the state high court affirmed, saying the contract was exclusively between BJ’s and Fifth Third.
The contract stated: “This agreement is for the benefit of, and may be enforced only by, (Fifth Third) and (BJ’s) … and is not for the benefit of, and may not be enforced by, any third party.”
The court also tossed fraud and negligence claims against BJ’s and Fifth Third Bank, saying they never misled the credit unions and Cumis about their compliance with Visa and MasterCard regulations. [Would a Certification of compliance with PCIDSS be considered “misleading” to the credit unions? Bob]
Related: Court Opinion (pdf)
Update: Jaikumar Vijayan pf Computerworld also covers this story.
Worth reading the article.
http://www.databreaches.net/?p=8886
Document Details Help TJX Hacker Gave Prosecutors
December 15, 2009 by admin Filed under Breach Incidents
Kim Zetter reports:
Admitted TJX hacker Albert Gonzalez has identified two Russian accomplices who helped him hack into numerous companies and steal more than 130 million credit and debit card numbers.
Gonzalez told prosecutors that the hackers breached at least four card processing companies, as well as a series of foreign banks, a brokerage house and several retail store chains, according to a sentencing memo filed by his lawyer on Tuesday that was incorrectly redacted.
Read more on Threat Level.
[From the article:
By identifying intrusions that “had not yet been detected,” his lawyer wrote, Gonzalez helped the companies institute protective measures to secure their data and prevent future breaches.
Anyone can fall for a phisher's message.
http://www.phiprivacy.net/?p=1638
UCSF doc falls for phish, exposes patient info
By Dissent, December 15, 2009 8:34 pm
Chris Rauber reports:
UC San Francisco said late Tuesday it has alerted 600 patients and others that an external hacker may have obtained “temporary access to emails containing their personal information” as a result of a late September phishing scam.
The breach occurred about three months ago, and was investigated in mid-October, but wasn’t disclosed to the public until Dec. 15. Corinna Kaarlela, UCSF’s news director, told the San Francisco Business Times late Tuesday that individuals whose data may have been compromised were notified between Oct. 21, when an in-depth investigation began, and Dec. 11, when it was completed.
UCSF said Tuesday that an unnamed faculty physician in the School of Medicine was victimized in late September by the alleged scam. The physician provided a user name and password in response to an email message fabricated by a hacker, that appeared as if it came from those responsible for upgrading security on UCSF internal computer servers.
Read more in the San Francisco Business Times.
If you don't actually understand a subject (in this case Privacy) you find yourself falling into these logic traps. I doubt they set out to encourage lying...
Facebook Suggests You Lie, Break Its Own Terms Of Service To Keep Your Privacy
by Jason Kincaid on December 15, 2009
Another first? How are numbers stored on a cell phone different from those stored in hand-written form?
http://www.pogowasright.org/?p=6355
OH Court: Cell phone searches require warrant
December 15, 2009 by Dissent Filed under Court, Surveillance
Stephen Majors of the Associated Press reports:
Police officers must obtain a search warrant before scouring the contents of a suspect’s cell phone unless their safety is in danger, a divided Ohio Supreme Court ruled Tuesday on an issue that appears never to have reached another state high court or the U.S. Supreme Court.
The Ohio high court ruled 5-4 in favor of Antwaun Smith, who was arrested on drug charges after he answered a cell phone call from a crack cocaine user acting as a police informant.
Read more in The Miami Herald.
Could a resolution like this one be translated back to the pre-Internet world? i.e. Would a “gift certificate” work as well as a “select, download, install” screen?
http://news.cnet.com/8301-10805_3-10416402-75.html?part=rss&subj=news&tag=2547-1_3-0-20
EU resolves Microsoft IE antitrust case
by Lance Whitney December 16, 2009 5:28 AM PST
… As part of the settlement, Windows PCs sold in the European Economic Area will now present users with a Choice Screen, allowing them to install alternative browsers beyond Internet Explorer.
The world is changing.
http://www.time.com/time/business/article/0,8599,1947790,00.html
Study: Texting Edging Out Cell-Phone Calls
By AP / HOPE YEN Tuesday, Dec. 15, 2009
(Related)
http://www.techcrunch.com/2009/12/15/facebook-passes-aol/
Facebook Passes Aol In The U.S.
by Erick Schonfeld on December 15, 2009
Another resource for my Statistics students.
http://www.bespacific.com/mt/archives/023029.html
December 15, 2009
Census Bureau Releases 2010 Statistical Abstract Depicting the State of Our Nation
Texting More Than Doubles in the Last Year: "How r u? The way we communicate is rapidly evolving, as evidenced by the fact that the number of text messages sent on cell phones has more than doubled from 48 billion in December 2007 to 110 billion in December 2008, according to the U.S. Census Bureau’s Statistical Abstract of the United States: 2010. The Statistical Abstract, aka “Uncle Sam’s Almanac,” perennially the federal government’s best-selling reference book, has been published since 1878 — before automobiles, airplanes and motion pictures had even been invented. Contained in the 129th edition are more than 1,400 tables of social, political and economic facts which collectively describe the state of our nation and the world. Included are 53 new tables, covering topics such as worldwide space launch events this decade, the use of complementary and alternative medicine, the type of work flexibility provided to employees, employment status of veterans and road fatalities by country."
See also Pew Research Center’s Internet & American Life Project: Teens and Sexting, December 2009
Realted postings on texting
This is an interesting business model. Not a bad investment model either. NOTE: Would they have flagged Bernie Madoff as a genius?
kaChing Raises $7.5 Million To Turn Mutual Funds On Their Heads
by Jason Kincaid on December 15, 2009
… It invites top traders to publicly share all of their trades, revealing information that until now was only revealed to the likes of Ivy League institutions. Rachleff says the top traders benefit because they can accept many amateur investors as clients with very little extra work on their part. And everyone else benefits because they gain access to this data.
Here’s how it works: kaChing has gathered a dozen top investors, many of them professionals, which it has certified to be “Geniuses”. Anyone who comes to the site is free to look at the full trading history of these Geniuses, free of charge. If you like what you see, you can sign up for kaChing and create a brokerage account through its partner, Interactive Brokers (a well established and publically traded brokerage firm). Deposit some money (the minimum is $3,000) and you’re set. From then on, the site will automatically execute trades for you to exactly mirror the Genius you’ve signed up for.
Until we develop a complete eDoctor, this will have to do.
Dad Delivers Baby Using Wiki
Posted by samzenpus on Tuesday December 15, @04:29PM from the 9cm-edited dept.
sonamchauhan writes
"A Londoner helped his wife deliver their baby by Googling 'how to deliver a baby' on his mobile phone. From the article: 'Today proud Mr Smith said: "The midwife had checked Emma earlier in the day but contractions started up again at about 8pm so we called the midwife to come back. But then everything happened so quickly I realized Emma was going to give birth. I wasn't sure what I was going to do so I just looked up the instructions on the internet using my BlackBerry."'"
Not sure how many eBook users read my blog, but this looks interesting.
Calibre-eBook.com - For Those Who Love eBooks
… In principle, it is a solution that makes for the management of eBooks. Using it you can take care of a wealth of aspects such as the downloading of new titles and the syncing of these titles to eBook reader devices. Moreover, the provided dashboard makes it possible for anybody to download news from the WWW and have them turned into an eBook.
Calibre is available both for Windows and Mac users. Linux is fully supported, too. All you have to do to set going is to download the app (for free) and install it.
This could be real interesting if I can have one for each class I teach and share it with my students. Even just having a personal copy I can put on the overhead would be useful.
Spaaze.com - Organizing Information Visually
The site works as an (unlimited) space where you can situate just anything you come across such as YouTube videos and your favorite sites along with assorted links.
Creating an account can be done in several ways – you can do so by using your Yahoo! Credentials, or you can sign in using your OpenID. Once you are inside, you will receive a basic amount of Spaaze Points that you can use to start playing around with the website.
This site might work for you or not. Since it can be tried out for free during the provided beta phase, now it would be a good time to find it out.
Geeks are always looking for Easter Eggs, but Fortune Cookies?
No comments:
Post a Comment