May 17, 2012

Security Breach Roundup: Anonymous Strikes Again

For our final security breach roundup of 2011 we’ve got two breaches involving charitable giving and another involving the credit card industry. We’ll wrap up with some numbers and highlights of the year’s biggest security breaches.

Robin Hood-like Hackers Breach Security Company Site

In an attack reminiscent of the breach of the security firm RSA earlier this year, the hacker group Anonymous is claiming responsibility for a breach of the website of Stratfor Global Intelligence, a company that provides strategic intelligence on global business, economic, security and geopolitical affairs. Their intent, according to a story in The New York Times, was to steal $1 million from Stratfor clients and donate it to various charities. As the Times reported:

The hackers posted a list online that they say contains Stratfor’s confidential client list as well as credit card details, passwords and home addresses for some 4,000 Stratfor clients. The hackers also said they had details for more than 90,000 credit card accounts. Among the organizations listed as Stratfor clients: Bank of America, the Defense Department, Doctors Without Borders, Lockheed Martin, Los Alamos National Laboratory and the United Nations.

The group also posted five receipts online that it said were of donations made with pilfered credit card details. One receipt showed a $180 donation from a United States Homeland Security employee, Edmund H. Tupay, to the American Red Cross. Another showed a $200 donation to the Red Cross from Allen Barr, a recently retired employee from the Texas Department of Banking. Neither responded to requests for comment.

The hackers said on Twitter that the attack, which began on Dec. 24, would be the beginning of “a weeklong holiday hacking spree,” according to the Times. The group also defaced the Stratfor web site, which as of Dec. 27 was still “undergoing maintenance.”

A Good News, Bad News Breach

In another breach involving charities, The Republic of Columbus, Indiana, reports that the Good News Garage in Burlington, Vt., which helps low-income families find reliable transportation, suffered a breach. As The Republic reports:

Good News Garage is sending out thousands of letters this week warning that a thief broke into a car the day after Thanksgiving and stole a backpack containing a data tape with the names, addresses and in some cases the Social Security numbers of Good News Garage vehicle donors dating back 15 years.

That’s the bad news. But here’s the good news:

Investigators won’t say where the burglary occurred, but the information on the tape was encrypted.

Good News Director Michael Muzzy tells WPTZ-TV (http://bit.ly/uhmX92) none of the people on the list have reported any signs their identities were being used improperly.

Muzzy says security procedures have been changed since the burglary.

Moral of the story: if you insist on leaving valuable information in your car, at least make sure it’s encrypted.

Visa Europe Investigates Security Breach

No security breach roundup seems complete without a credit card company included. Visa Europe didn’t disappoint in December. From PCWorld:

Visa is investigating a potential security breach at a European payment processor that might have affected cardholders in eastern Europe.

“Visa Europe has been informed of a potential data security breach at a European processor and an investigation is underway,” the company said in a statement. “We are working closely with our member banks to ensure cardholders are protected,” it added … Multiple banks have been alerted and some have already taken steps to limit the potential fraud. Romanian state-owned CEC Bank is in the process of reissuing 17,000 payment cards as a result of the incident.

543 Million Records Breached Since 2005

Here are some truly frightening numbers to stew on as the year comes to a close, courtesy of Storage and Destruction Business magazine:

The Privacy Rights Clearinghouse, San Diego, has tracked 535 breaches involving 30.4 million sensitive records as of mid-December of 2011. This brings the total reported records breached in the United States since 2005 to 543 million, the organization says.

“This is a conservative number,” says Privacy Rights Clearinghouse Director Beth Givens. “We generally learn about breaches that garner media attention. Unfortunately, many do not. And, because many states do not require companies to report data breaches to a central clearinghouse, data breaches occur that we never hear about. Our chronology is only a sampling.”

The story also offers a list of the largest breaches in 2011, including this one from April:

Epsilon, an email service provider for companies, reported a breach that affected about 75 client companies. Email addresses and customer names were affected. Epsilon has not disclosed the names of the companies affected or the total number of names stolen. However, millions of customers received notices companies, making this the largest security breach ever. Conservative estimates place the number of customer email addresses breached at 50 to 60 million. The number of customer emails exposed may have reached 250 million.

We also reported on the Epsilon breach in a previous roundup.

CRN Reports on the Biggest Security Breaches of 2011

There’s no shortage of lists detailing the biggest breaches of 2011, including one from CRN. It includes more attacks by Anonymous, a breach exposing health care information on more than 2.7 million people, a virus exposing personal information for unemployed people in Mass., two attacks on gaming networks and two more related to the credit card industry. Let’s hope things are better in 2012.

