CyberInsecure.com

Daily cyber threats and internet security news alerts

Archive for the ‘Data Theft’ Category

Data Breach At Benefits Company Affects Google Employees

Thursday, July 3rd, 2008

Google employees hired before 2006 have been warned to watch out for possible attempts to steal their identities.
InformationWeek reports that in a letter last month, Google attorney Lewis A. Segall alerted New Hampshire Attorney General Kelly A. Ayotte that computers had been stolen from Colt Express Outsourcing Services, a third-party employee benefits administrator for Google and other companies, in early June.

Segall did so by forwarding a copy of the letter from Google’s director of corporate security and safety, Marty Lev, to employees affected by the Colt breach.

The information contained on the computers related to current and former Googlers who were with Google before December 31, 2005; Googlers hired after December 31, 2005 were not affected because a new benefits administrator has been used since that time. Specific personal information for employees and dependents included names, Social Security numbers, birth dates, addresses, hire dates, and relationships, but not driver’s license numbers, credit card numbers, bank account numbers, passwords, or PINs for any financial account.

Google’s letter says there is no evidence any personal information on the stolen computers has been misused. As a precautionary measure, the company is offering to enroll affected employees in Kroll’s IDTheftSmart identity and credit protection program for a year.

In a July 1 blog post, Microsoft developer Danny Thorpe, a former Google employee, said he had received such a letter.

In response to the credit monitoring offer, Thorpe said, “Well, that’s something at least. I appreciate Google’s gesture.”

The breach occurred on May 26, 2008, when someone broke into Colt’s Walnut Creek, Calif. office, according to Colt. The company says it has contacted the Walnut Creek police and the REACT high tech crime task force, based in Santa Clara, Calif. The investigation is ongoing.

According to the Identity Theft Resource Center, other companies affected by the breach include Avant Corp. (now part of Synopsys), Bebe, CBS’ CNET Networks, Ebara Technologies, and Punahou School.

Hackers Selling Stolen Credit Cards Lead To Montgomery Ward Parent Company Breach Exposure

Saturday, June 28th, 2008

At least 51,000 records were exposed in the breach at the parent company of Montgomery Ward. The venerable Wards chain that began in 1872 went out of business in 2001, but in 2004 a catalog company, Direct Marketing Services Inc., bought the brand name out of bankruptcy. It now runs a Wards.com Web site along with six other sites, including three with Sears brands it has acquired: SearsHomeCenter.com, SearsShowplace.com and SearsRoomforKids.com.

The financial company Citigroup detected the computer invasion in December. By going through HomeVisions.com, another Direct Marketing Services site, hackers had plundered the database that holds account information for all the company’s retail properties.

Online chatter was detected in June by Affinion Group Inc.’s CardCops, a group of investigators who track payment-card theft for financial institutions. In Internet chat rooms frequented by card thieves, CardCops spotted hackers touting the sale of 200,000 payment cards belonging to one merchant. CardCops then intercepted several hundred of the records, along with the online handles belonging to hackers whose real names remain unknown.

Along with the card numbers, their three-digit “security codes” and expiration dates, the thieves had the cardholders’ names, addresses and phone numbers. The data had been organized in the same way, indicating the numbers likely came from the same database. The vast majority of the cardholders were women, a clue that the records came from a merchant catering to a certain demographic.

When cardholders were contacted, the first eight said they had bought things online or through mail order from Montgomery Ward. Further investigation showed that there is a high probability that the entire database of Montgomery Ward was breached.

Direct Marketing Services immediately informed its payment processor and Visa and MasterCard and closely followed a set of guidelines, issued by Visa, on how to respond to a security breach, including a report to the U.S. Secret Service. Those guidelines from Visa are largely technical, and do not require the organizations that have been hacked to come clean to the affected consumers, not just to the financial industry. Companies that fail to comply can be hit with fines or be sued by affected customers, depending on the state.

As a result, scores of breaches covering hundreds of millions of consumer accounts have been disclosed by banks, universities, corporations and retailers in recent years. Direct Marketing Services now plans to contact consumers.

It is not clear whether the hackers were inflating their claim when they offered 200,000 records or whether the official number of 51,000 is accurate.

Customers Data Stolen From Compromised Balmar E-commerce Server

Tuesday, June 24th, 2008

The Maryland State Attorney General was notified by Balmar Incorporated about a breach that occurred between April 4, 2008 and April 30, 2008, in which sensitive customer information was compromised. Balmar, a provider of print and graphic communications services as well as a regional provider of on-site production and administrative services, recently experienced a data security breach on its e-commerce site server.

Balmar has reason to believe that the personal information of 7 of its online customers who reside in the State of Maryland may have been accessed sometime between April 4, 2008 and April 30, 2008 without proper authorization. The personal information affected may include customer names, addresses, telephone numbers, emails, and credit card information.

Balmar has determined that at least one fraudulent credit card transaction has occurred as a result of this incident. A full analysis of its e-commerce server logs revealed that on March 27, 2008, an individual initiated several SQL injection queries on the main page of the Balmar e-commerce website from an IP address in Viet Nam. Random queries were attempted over time through March 31st. By March 31st, the individual had gathered enough information to pipe the queries to a search bot. By April 4th, the search bot was able to access and transfer data from the e-commerce server to a web page.

Once the incident was discovered, Balmar reported it to the Virginia State Police and the FBI; contacted the web page host to demand that the page be disabled; removed all credit card information from the affected area of the database and moved it to a secured area of the database that cannot be accessed by the method used during the incident; installed an additional database security solution to detect and prevent any future attempted security breaches; and sent notice to affected customers by letter and e-mail.

Balmar’s investigation of this incident is ongoing. For more information, call 1 (800) 265-2724 or email bseger<at>balmar.com.

Customers Credit Cards Possible Theft In Compromised Altman Weil Online Store

Monday, June 16th, 2008

The Altman Weil online store was compromised by a virus that may have exposed the credit card information of certain store customers. The compromise was discovered on May 16, 2008 by the company that hosts the online store website. The hosting company remains unnamed in the official Maryland State Attorney General breach notification, but the current host of the Altman Weil online store seems to be mindSHIFT.

Upon learning of this unauthorized breach and attack, on that same day, Altman Weil immediately authorized the hosting company to shut the site down so that access was no longer possible. Altman Weil gave assurances that the hosting company has preserved logs and electronic evidence, has logged all actions taken, and has not altered or compromised the systems.

According to the hosting company, the server on which the online store was located was password protected and had current firewalls and security protection, but it seems that what the company calls an “SQL virus” may nonetheless have accessed credit card information.

This attack is currently under investigation in order to fully determine the extent to which credit card information of customers may have been accessed.

Altman Weil notified all card holders by letter of the situation and the possible risk. On May 23, 2008, they notified the police department in Newtown Square, Pennsylvania, where Altman Weil is located. Also contacted: the Secret Service’s ECTF and Electronic Crimes Working Group, the Attorney General of every state where potentially affected cardholders reside, the Federal Trade Commission, the Office of Thrift Supervision, the Office of the Comptroller of the Currency, the Federal Deposit Insurance Corporation, and the Board of Governors of the Federal Reserve System.

For more information, Joann Miller at Altman Weil, Inc. can be contacted at 610-886-2006, or via email at: jamiller<at>altmanweil.com.

Hackers Exposed Private Details Of 2000 Belgacom ISP Users

Wednesday, June 11th, 2008

The largest Belgian ISP announced today that 2,000 of its ADSL accounts were compromised earlier this year by hackers. Belgacom discovered details of its subscribers posted on a web page by hackers who are against download limits on Belgacom broadband internet connections.

In Belgium, about 90% of residential ISP customers are connected either via Belgacom or Telenet. Although the connections are fast, both ISPs last year had a maximum download limit of 12 GB/month. Anyone who passes this limit has their speed dropped to 3 KB/s for the rest of the month, which is not enough for today’s average online usage.

In December, frustrated Belgian internet users signed a petition demanding more reasonable download limits, and on 30 December tried to download as much as possible to show Internet traffic wasn’t significantly higher than on other days. Apparently a group of disgruntled users decided that wasn’t enough, and exposed the details of 2,000 Belgacom accounts on the web.

Belgacom did not inform the public about this security breach to avoid panic. A Belgacom spokesperson said that postal letters had been sent to small groups of users since April, asking them to change their passwords as a matter of precaution. The site exposing clients’ details was closed down immediately and there have been no abuse reports since then. According to Belgacom it is a minor issue, since they have 1 million ADSL users and the stolen details of only 2,000 of them are not a threat.

University Of Utah Hospitals & Clinics Stolen Backup Tape Contained 2.2 Million Billing Records

Wednesday, June 11th, 2008

The University of Utah Hospitals & Clinics today announced the recent theft of billing records. A metal box containing backup tapes, which contained billing records for approximately 2.2 million patients and guarantors, was stolen on Monday, June 2, from a car belonging to a driver who worked for an independent storage company contracted by the health-care system.

The driver discovered that someone had broken into his Ford Explorer outside his Kearns home and taken the box. The driver, who worked for Perpetual Storage Inc. for 18 years, was fired due to violation of protocols his company established to ensure secure data transportation. The company contracted by the university to transport and store the tapes, Perpetual Storage Inc., said this is the first and only such incident in its 40-year history.

The Salt Lake County Sheriff’s Department, the FBI and the U.S. Postal Service are investigating the theft. The investigation indicates that the theft was probably a random car burglary, and there is no evidence that the information on the tapes has been accessed or used for identity theft. The billing records included patient names, related demographic information and diagnostic codes.  None of the records contained credit card information. Records for a subset of 1.3 million patients also contained Social Security numbers.

The University of Utah Hospitals & Clinics has suspended deliveries of backup tapes to Perpetual Storage pending the review of all procedures and protocols for transporting and storing backup data. Additionally, the health-care system mailed notification letters to all 2.2 million patients and guarantors. Free credit monitoring and restoration service will be provided to patients whose records included Social Security numbers. The toll-free information line number for questions is 1-866-581-3599.

The University of Utah Hospitals & Clinics is offering a $1,000 reward for the return of the tapes, no questions asked.  Those wishing to claim the reward may call the Sheriff’s Department at (801) 743-7000.

More information and resources can be found at http://healthcare.utah.edu/billingrecordstheft.

Cotton Traders Clothing Firm Customers Credit Card Details Stolen From Hacked Website

Tuesday, June 10th, 2008

The website of clothing firm Cotton Traders was hacked earlier this year and credit card details of up to 38,000 customers were stolen by unidentified attackers. Customer addresses were also stolen in this incident. The firm has not yet released the full details of the breach.

In a statement to BBC News, Cotton Traders said all of its customers’ credit card data was encrypted on the website. The firm brought in industry security experts to resolve the problem and has recently upgraded all security on its website, which has been validated by leading industry experts. It added: “We would like to reassure all our customers that their data is secure and that the Cotton Traders website meets all leading Industry security standards.”

The exact method used to hack the Cotton Traders website is unknown. The firm has said customers worried about their cards should contact their card provider.

OSU Bookstore Online Customers Payment Information Stolen

Thursday, June 5th, 2008

According to Oregon State officials, credit card scammers may have defrauded 4,700 online customers of the school’s bookstore. In March, OSP began an investigation into a report that approximately 30 OSU Bookstore customers’ personal information may have been compromised following online orders. Last week, telephone calls and e-mails began coming into the bookstore from customers who had noticed fraudulent charges on their credit cards almost immediately after placing online orders.

Bookstore servers were shut down when the security breach was discovered. The hackers tried different attacks on the Bookstore website and evidently found a vulnerability in it. The security breach appears to have originated outside the university, but where is unknown.

The Bookstore has alerted its online customers who had made a purchase, and has hired an outside agency to help with its own investigation and to provide guidance on strengthened security safeguards for its computing network.

Credit Cards Data Stolen In 1st Source Bank Intrusion

Thursday, June 5th, 2008

Hackers broke into the system of South Bend, Ind.-based 1st Source Bank from the outside and compromised a server containing debit card data. The bank is currently reissuing its entire portfolio of debit cards, probably tens of thousands of them.

The $4.5-billion-asset bank with 79 branches in northern Indiana and southern Michigan began alerting customers last month after an outside monitoring service it uses noticed on May 12 an unusual flow of data from a bank server containing debit card data. The server was immediately shut down. The bank notified law-enforcement authorities and hired outside forensic firms to analyze the breach.

The server that holds debit card information transferred information out. It is unclear what percentage of card holders is affected. The hackers got Track 2 data contained on magnetic stripes, including account numbers and PINs in at least some cases. Information on how the hackers tapped the server was not released to the public.

1st Source Bank is sending out letters reminding their customers to check their recent bank account activity. Out of an overabundance of care, the bank is reissuing new MasterCard-branded debit cards to all customers. 1st Source also is offering customers free credit-report monitoring for a year and called in a forensic computer specialist team from the Washington, D.C., area to shut down the breach immediately and to help determine who was behind it.

Bank officials have yet to tally the cost of mailings to customers, creating new debit cards, consultants’ fees, paying for identity theft protection and employee overtime related to the security breach.

So far no fraud has been discovered as a result of the intrusion.

Personal Information Sent To An Analysis Firm Stolen From State Street Corporation

Tuesday, June 3rd, 2008

State Street Corporation (NYSE: STT) said on May 29 that a disk drive containing personal details from 5,500 employees and 40,000 customer accounts was stolen. Lost details included individuals’ names, addresses, dates of birth, and, in some cases, Social Security numbers. The theft occurred in December and was reported to State Street in January. State Street didn’t disclose the breach publicly or to individuals until yesterday because it took months to determine who was affected.

State Street Corporation began sending precautionary notifications to employees and some customers of the former Investors Financial Services Corp. that computer equipment containing certain personal data was stolen from a vendor’s facility.

The compromised information was among a batch of data sent to an unnamed analysis firm located in the United States. At the time of the transfer, the data was encrypted, making it much more difficult to misuse. The firm had decrypted the information for its work and stored it on the hard drive that was then stolen.

There is no evidence to date to suggest that the data has been misused or that legacy State Street customers or employees are impacted. The theft was reported to federal authorities. As a precaution, State Street is notifying legacy IBT employees and certain legacy IBT customers whose personal data was on the stolen computer equipment.

State Street has developed a dedicated section of its website with more details for the legacy IBT customers and employees who will receive these precautionary notifications. This information can be found at www.statestreet.com/notification and includes detail about a number of credit monitoring services being made available by State Street at no cost for two years. For questions and details, customers may contact their usual customer representative. Employees may contact GHR Customer Service at +1 617 985 8040.

Patients Personal Data Compromised In Walter Reed Army Medical Center

Tuesday, June 3rd, 2008

Sensitive information on about 1,000 patients at Walter Reed Army Medical Center and other military hospitals was exposed in a security breach, raising identity theft concerns and prompting an investigation by the Army. The medical center learned of the breach on May 21 from an outside data mining company, which officials did not identify.

Walter Reed officials were notified of a possible disclosure, through a peer-to-peer (P2P) network, of personally identifiable information of approximately 1,000 Military Health System beneficiaries. Names, Social Security numbers, birth dates and other information were released, hospital officials said Monday. The computer file that was breached did not include information such as medical records, or the diagnosis or prognosis for patients, they said. Preliminary results of an ongoing investigation have identified a computer from which the data was apparently compromised.

Data security personnel from Walter Reed and the Department of the Army continue to investigate the source and causes for the information compromise. Walter Reed officials declined to explain exactly how the information was compromised, pending an ongoing investigation by the hospital and the Army.

The hospital said it is working to notify all of the people named in the data file. Letters or e-mails were being sent out, beginning Monday. Walter Reed plans to offer free credit protection services to patients whose information was revealed. The hospital also has set up a hot line for people to call to see if their information was disclosed (1-877-854-8542, ext. 9). A 24/7 hot line has been established in the Combined Operations Center, 202-782-8333 or 877-854-8542 ext. 9, and an information page on the website is also being created.

Computers Storing Personal Data Breached At Pocono Mountain School District

Monday, June 2nd, 2008

Computers at Pocono Mountain School District were breached by a hacker on May 30, who apparently tapped into confidential information concerning students and their parents, the district’s superintendent said Friday. The district superintendent sent letters on Friday afternoon telling parents about the apparent breach, which the district found out about the previous evening. Parents got the letters when their children returned at the end of the school day.

The information that may have been compromised includes Student ID, network password, SSN if provided, ethnicity, gender, birth date, grade, grade year, building no., building name, homeroom no., homeroom teacher, attendance code, dietary allergies, bus assignment, free/reduced lunch status, home phone, primary home mailing address, secondary mailing address, parent names, parent phone numbers, emergency contact names, and emergency contact phone numbers.

The district’s technical staff had noted some irregularities during a routine security check Thursday night. They detected some activity that seemed a little “unusual”. The technical staff is checking to what extent any personal information has been compromised, and to whom it may belong.

The district referred the matter to Pennsylvania State Police at Swiftwater for further investigation.

In case of unauthorized activity, it is possible to contact the office of Executive Director of Technology at (570) 873-7121 Ext. 10151.
