Office supply chain Staples Inc. today finally acknowledged that a malware intrusion this year at some of its stores resulted in a credit card breach. The company now says some 119 stores were impacted between April and September 2014, and that as many as 1.16 million customer credit and debit cards may have been stolen as a result.
Complex Solutions to a Simple Problem
My inbox has been flooded of late with pitches for new technologies aimed at making credit cards safer and more secure. Many of these solutions are exceedingly complex and overwrought — if well-intentioned — responses to a problem that we already know how to solve
Banks: Park-n-Fly Online Card Breach
Multiple financial institutions say they are seeing a pattern of fraud that indicates an online credit card breach has hit Park-n-Fly , an Atlanta-based offsite airport parking service that allows customers to reserve spots in advance of travel via an Internet-based reservation system. The security incident, if confirmed, would be the latest in a string of card breaches involving compromised payment systems at parking services nationwide. In response to questions from KrebsOnSecurity, Park-n-Fly said it recently engaged multiple outside security firms to investigate breach claims made by financial institutions, but so far has been unable to find a breach of its systems.
In Damage Control, Sony Targets Reporters
Over the weekend I received a nice holiday letter from lawyers representing Sony Pictures Entertainment , demanding that I cease publishing detailed stories about the company’s recent hacking and delete any company data collected in the process of reporting on the breach. While I have not been the most prolific writer about this incident to date, rest assured such threats will not deter this reporter from covering important news and facts related to the breach. A letter from Sony’s lawyers
SpamHaus, CloudFlare Attacker Pleads Guilty
A 17-year-old male from London, England pleaded guilty this week to carrying out a massive denial-of-service attack last year against anti-spam outfit SpamHaus and content delivery network CloudFlare , KrebsOnSecurity has learned.
‘Security by Antiquity’ Bricks Payment Terminals
Last week, several thousand credit card payment terminals at various retailers across the country suddenly stopped working, their LCD displays showing a blank screens instead of numbers and letters. Puzzled merchants began to worry that this was perhaps part of some sophisticated hacker attack on their cash registers.
‘Poodle’ Bug Returns, Bites Big Bank Sites
Many of the nation’s top banks, investment firms and credit providers are vulnerable to a newly-discovered twist on a known security flaw that exposes Web site traffic to eavesdropping. The discovery has prompted renewed warnings from the U.S. Department of Homeland Security advising vulnerable Web site owners to address the flaw as quickly as possible.
Unencrypted Data Lets Thieves ‘Charge Anywhere’
Charge Anywhere LLC , a mobile payments provider, today disclosed that malicious software planted on its networks may have jeopardized credit card data from transactions the company handled between November 2009 and September 2014. In a statement released today, the South Plainfield, N.J.
More on Wiretapping ATM Skimmers
Last month, this blog featured a story about an innovation in ATM skimming known as wiretapping, which I said involves a “tiny” hole cut in the ATM’s front through which thieves insert devices capable of eavesdropping on and recording the ATM user’s card data.
Toward a Breach Canary for Data Brokers
When a retailer’s credit card systems get breached by hackers, banks usually can tell which merchant got hacked soon after those card accounts become available for purchase at underground cybercrime shops. But when companies that collect and sell sensitive consumer data get hacked or are tricked into giving that information to identity thieves, there is no easy way to tell who leaked the data when it ends up for sale in the black market. In this post, we’ll examine one idea to hold consumer data brokers more accountable.