I'm not clear on how these cards work but apparently the “redeemable codes” connect your physical card to the balance on a “gift” account. If I connect my card to your account, shouldn't there still be a record that it was my card accessing the account? Apparently not in this case. Looks like this will be a real mess to clean up.
Oops.
Grocery giant Woolworths has scrambled to cancel over $1 million worth of shopping vouchers after a massive leak of customer data, in which it mistakenly emailed the redeemable codes of 8000 gift cards containing the customers’ names and email addresses.
Fairfax Media has obtained a copy of the email which contained an Excel spreadsheet with the names and email address of thousands of customers and a downloadable link to 7,941 vouchers, worth a total of $1,308,505. It is understood the spreadsheet was emailed to more than 1000 people, all of whom could access the gift card codes and immediately begin shopping.
Read more on The Sydney Morning Herald.
[From the article:]
The data breach, which was discovered on Saturday morning, occurred after customers purchased the vouchers from the online savings site Groupon, which ran a deal last week offering BIG W eGift cards, valued at $200 and $100, at a 7.5 per cent discount. The cards were redeemable at Woolworths online and in store, Big W stores, and Caltex petrol stations.
Once customers had paid for the vouchers via the Groupon site they were advised they would receive an email from Woolworths' Everyday Gift Cards containing a PDF attachment with the electronic voucher.
But when some customers proceeded to open the attachment they discovered the Excel spreadsheet containing the links to over $1 million worth of vouchers.
… On Saturday evening, affected customers
received an email from Woolworths advising them the gift cards had
been cancelled.
But this, too, caused at least one customer
further distress.
Mr James, who did not want to disclose his first name, said he "was embarrassed in front of a large number of people" after he attempted to buy his weekly groceries using his gift cards in a Woolworths store on Saturday, only to be told by staff he was using stolen cards.
"They took my money from my credit card and told me I was using stolen cards. I could not take the trolley of groceries home as I did not have enough money to pay.
"I tried to call Woolworths but no one picked up the phone."
When contacted by Fairfax Media, Woolworths refused to provide any detail on how the data breach occurred or the number of customers affected. Instead, they issued a two-line statement.
"Woolworths takes the concerns of its customers and data security seriously," the statement read.
"We experienced a technical fault with an e-voucher offered to customers this week. We are working to resolve the issue and are assisting customers."
Again makes me wonder if they are serious about
this case. What other items (evidence?) have they failed to secure?
Megaupload Sites Spreading Porn, Malware, And Founder Kim Dotcom Blames US Justice Department
A number of Megaupload Web domains seized by the
U.S. Department of Justice three years ago as part of an anti-piracy
raid appear to have been taken over again, this time by someone using
the site's notoriety to spread porn and malicious software.
Megaupload founder Kim Dotcom accused the Justice Department of
failing to renew the domain registration, a claim that now appears to
be grounded in truth.
… When the Department of Justice took control of the Megaupload domain, they registered it with Cirfu.net. But examinations by TorrentFreak and then Ars Technica have determined that someone in the Justice Department failed to follow up on the annual renewal, making it possible for a British hacker calling himself EarlGrey to win an auction for the URL rights.
(Related)
New Zealand’s spy agency forced to apologize for calling Kim Dotcom ‘fatty’
The Security Intelligence Service of New Zealand
(SIS) was forced to publicly apologize to internet tycoon Kim Dotcom
after the publication of internal emails in which the spies called
him a “fatty” who was never going to get far from the cops on
foot.
The series of embarrassing emails was released
after the New Zealand Weekend Herald newspaper sent a request under
freedom of information laws.
… The agency’s new chief Rebecca Kitteridge said, expressing regrets to Dotcom, that the staff involved in the correspondence had been given a talk. She added that the emails “do not reflect the level of professionalism that I expect to see in this organization”.
“Since that time, the NZSIS has well and truly learned that all internal communications must be completely professional,” she added, claiming that the conversation was held long ago and a lot of work has been done since then.