Sunday, May 31, 2015

I'm not clear on how these cards work but apparently the “redeemable codes” connect your physical card to the balance on a “gift” account. If I connect my card to your account, shouldn't there still be a record that it was my card accessing the account? Apparently not in this case. Looks like this will be a real mess to clean up.
Oops.
Grocery giant Woolworths has scrambled to cancel over $1 million worth of shopping vouchers after a massive leak of customer data, in which it mistakenly emailed the redeemable codes of 8000 gift cards containing the customers’ names and email addresses.
Fairfax Media has obtained a copy of the email which contained an Excel spreadsheet with the names and email addresses of thousands of customers and a downloadable link to 7,941 vouchers, worth a total of $1,308,505. It is understood the spreadsheet was emailed to more than 1000 people, all of whom could access the gift card codes and immediately begin shopping.
[From the article:
The data breach, which was discovered on Saturday morning, occurred after customers purchased the vouchers from the online savings site Groupon, which ran a deal last week offering BIG W eGift cards, valued at $200 and $100, at a 7.5 per cent discount. The cards were redeemable at Woolworths online and in store, Big W stores, and Caltex petrol stations.
Once customers had paid for the vouchers via the Groupon site they were advised they would receive an email from Woolworths' Everyday Gift Cards containing a PDF attachment with the electronic voucher.
But when some customers proceeded to open the attachment they discovered the Excel spreadsheet containing the links to over $1 million worth of vouchers.
… On Saturday evening, affected customers received an email from Woolworths advising them the gift cards had been cancelled.
But this, too, caused at least one customer further distress.
Mr James, who did not want to disclose his first name, said he "was embarrassed in front of a large number of people" after he attempted to buy his weekly groceries using his gift cards in a Woolworths store on Saturday, only to be told by staff he was using stolen cards.
"They took my money from my credit card and told me I was using stolen cards. I could not take the trolley of groceries home as I did not have enough money to pay.
"I tried to call Woolworths but no one picked up the phone."
When contacted by Fairfax Media, Woolworths refused to provide any detail on how the data breach occurred or the number of customers affected. Instead, they issued a two-line statement.
"Woolworths takes the concerns of its customers and data security seriously," the statement read.
"We experienced a technical fault with an e-voucher offered to customers this week. We are working to resolve the issue and are assisting customers."




Again makes me wonder if they are serious about this case. What other items (evidence?) have they failed to secure?
Megaupload Sites Spreading Porn, Malware, And Founder Kim Dotcom Blames US Justice Department
A number of Megaupload Web domains seized by the U.S. Department of Justice three years ago as part of an anti-piracy raid appear to have been taken over again, this time by someone using the site's notoriety to spread porn and malicious software. Megaupload founder Kim Dotcom accused the Justice Department of failing to renew the domain registration, a claim that now appears to be grounded in truth.
… When the Department of Justice took control of the Megaupload domain, they registered it with Cirfu.net. But examinations by TorrentFreak and then Ars Technica have determined that someone in the Justice Department failed to follow up on the annual renewal, making it possible for a British hacker calling himself EarlGrey to win an auction for the URL rights.


(Related)
New Zealand’s spy agency forced to apologize for calling Kim Dotcom ‘fatty’
The Security Intelligence Service of New Zealand (SIS) was forced to publicly apologize to internet tycoon Kim Dotcom after the publication of internal emails in which the spies called him a “fatty” who was never going to get far from the cops on foot.
The series of embarrassing emails was released after the New Zealand Weekend Herald newspaper sent a request under freedom of information laws.
… The agency’s new chief Rebecca Kitteridge said, expressing regrets to Dotcom, that the staff involved in the correspondence had been given a talk. She added that the emails “do not reflect the level of professionalism that I expect to see in this organization”.
“Since that time, the NZSIS has well and truly learned that all internal communications must be completely professional,” she added, claiming that the conversation was held long ago and a lot of work has been done since then.

