NEW YORK - A security breach of customer information at a credit card transaction company could expose to fraud up to 40 million cardholders of multiple brands, MasterCard International Inc. said Friday.
The credit card giant said its security division detected multiple instances of fraud that tracked back to CardSystems Solutions Inc., which processes credit card and other payments for banks and merchants.
The compromised data included names, banks and account numbers — not addresses or Social Security numbers, said MasterCard spokeswoman Sharon Gamsin. Such data could be used to steal funds but not identities.
It was the latest in a series of security breaches affecting valuable consumer data at major financial institutions and data brokers in an increasingly database-driven world.
The breach appears to be the largest yet involving financial data, said David Sobel, general counsel at the Electronic Privacy Information Center.
"The steady stream of these disclosures shows the pressing need for regulation of the industry both in terms of limitation in the amount of personal information that companies collect and also liability when these kinds of disclosures occur," Sobel said.
A flurry of disclosures of breaches affecting high-profile companies including Citigroup Inc., Bank of America Corp. and DSW Shoe Warehouse has prompted federal lawmakers to draw up legislation designed to better protect consumer privacy.
CardSystems was hit by a virus-like computer script that captured customer data for the purpose of fraud, Gamsin said. She said she did not know how the script got into the system. The FBI was investigating.
MasterCard, which said about 14 million of its own cards were exposed, first announced the breach in a news release late Friday afternoon, saying it was notifying its card-issuing banks of the problem.
Under federal law, credit card holders are liable for no more than $50 of unauthorized charges, and many card issuers including MasterCard will even waive the $50.
Reached on his cell phone, CardSystems' chief financial officer, Michael A. Brady, said: "We were absolutely blindsided by a press release by the association."
He refused to answer any questions and referred calls to the company's chief executive, John M. Perry, and its senior vice president of marketing, Bill N. Reeves. A message left for Perry and Reeves at the company's Atlanta offices was not immediately returned.
CardSystems processes less than 0.5 percent of American Express' domestic transactions, said company spokeswoman Judy Tenzer. She said a small number of its cardholders were affected, though she did not have an exact figure.
"We are aware of the situation, we're closely monitoring it and we do have an investigation under way," Tenzer said.
Discover Financial Services Inc. said it was aware of the situation and would not say whether any of its cards were involved. Visa USA and a large issuer of cards, MBNA Corp., did not immediately return calls seeking comment.
CardSystems, which has a processing center in Tucson, Ariz., has been in business for more than 15 years and handles transactions for more than 115,000 small to mid-sized businesses, according to the company's Web site. The company says it processes transactions worth more than $15 billion annually.
Sobel said the fact that the latest breach involved a third party "indicates that this is a shadowy industry where the consumer never really knows who is going to be handling and using their personal information," he added. "Presumably, the affected consumers thought they were dealing with MasterCard."
Earlier this month, Citigroup said United Parcel Service lost computer tapes with sensitive information from 3.9 million customers of CitiFinancial, a unit that provides personal and home loans.
There have also been breaches involving other kinds of sensitive data.
ChoicePoint Inc. said in February that thieves using stolen identities had created 50 dummy businesses that pulled data including names, addresses and Social Security numbers on as many as 145,000 people.
In March, LexisNexis Inc. disclosed that hackers had commandeered a database and gained access to the personal files of as many as 32,000 people.
The company has since increased its estimate of the people affected to 310,000. Information accessed included names, addresses and Social Security and driver's license numbers, but not credit history, medical records or financial information, corporate parent Reed Elsevier Group PLC said in a statement.
"Hardly a week goes by without startling new examples of breaches of sensitive personal data, reminding us how important it is to pass a comprehensive identity theft prevention bill in Congress quickly," said Sen. Charles Schumer, D-N.Y.
___
AP writers Anick Jesdanun, Adam Geller, Harry Weber, Ted Bridis, Arthur Rotstein and Marcy Gordon contributed to this report.
Friday, June 17, 2005
Sony Tackles Dual-Layer DVD
A few months ago CRN Test Center engineers looked at the Sony DRU-720A, one of the first DVD recorders that could burn 8.5-Gbyte double-layer and single-layer DVD discs. Here we look at Sony's DRU-800A DVD burner, the latest in Sony's lineup, which can record on both double-layer and dual-layer discs. System builders should take note, as the technology allows users to burn discs more quickly and use the latest media.
Both types of drives are currently available only in write-once formats, and they're referred to as DVD+R DL and DVD-R DL. The DL discs can store up to four hours of MPEG-2 video, and are compatible with many home DVD players and DVD-ROM drives.
The DRU-800A is Sony's first disc recorder that supports DVD-R dual-layer and DVD+R double-layer recording, both at 4X recording speed. It can also record on write-once DVD+R and DVD-R media at 16X. The drive can record on DVD+RW at 8X and on DVD-RW media at 6X. It can also record on CD-R media at 48X and on CD-RW media at 24X.
The internal ATAPI drive can be installed in place of an existing CD-ROM drive, or along with a read-only drive to speed disc copying. The drive comes with a white front bezel attached, but Sony also includes a black replacement front bezel in case the drive is being installed in a black enclosure. The drive must be installed in an 800MHz Pentium III or faster with at least 128 Mbytes of memory and 10 Gbytes of hard disk space.
Windows 2000 or XP is also required.
Included software programs are Nero Burning ROM 6 SE and Nero Express 6 CD/DVD mastering software; Nero VisionExpress 2 authoring software; Nero InCD 4 packet writing software; Nero ShowTime DVD-video playing software; Nero PhotoSnap, which captures digital photos right from a digital camera or scanner; Nero MediaHome streaming media server; Nero Recode2 DVD-video converter to back up unprotected DVDs; Nero BackItUp for complete PC backup and more.
Written by: Marc Spiwak
UK Targeted for Massive Trojan Attacks
UK businesses and government organizations have been targeted for network attacks, according to a warning from a British security agency.
The National Infrastructure Security Coordination Center (NISCC) has issued an alert detailing plans of malicious hackers residing in East Asia.
According to the agency, the attackers have developed Trojan horse programs designed to steal data from parts of the national infrastructure, which includes companies in the finance, transportation and telecommunications sectors as well as government agencies.
High Alert
The NISCC report noted that the attacks are ongoing, with the majority directed against the central government. Despite this focus, the agency warns that "other UK organizations, companies and individuals are also at risk."
Companies and organizations running Microsoft software seem to be the most vulnerable, according to the NISCC, but no details were provided about how the Trojans might be infiltrating those systems in particular.
UK-based security firm Sophos was brought in to help the agency analyze the Trojans. The firm noted that, in every case, the malware's aim was to install either a keylogger or other data-capturing software and transmit information found back to the attacker.
Sophos reported that two-thirds of the Trojans were known, but that the other third were variants not seen before.
Surprising, But Expected
The alert itself is surprising, noted Sophos security consultant Carole Theriault, because it is unusual for the agency to issue such a serious warning.
But the Trojan threat is not news to those in the UK's security labs. "We've been banging on about Trojans for months," said Theriault. "It's great that someone else, especially someone that's not a vendor, is saying this is a serious problem."
Sophos has seen several serious Trojans and their variants for some time, she added, and more seem to arrive weekly. With the new alert gaining widespread attention, Theriault and others in the security community hope that users will take preventative measures.
"Awareness has been raised, and, even better, many media reports here are talking about what people can do to protect themselves," she said. "I hope to God that people take it seriously and start protecting their machines."
Written by: Elizabeth Millard, cio-today.com Fri Jun 17, 2:19 PM ET
AOL Patches Netscape Browser, Fixes IE Breakdown
America Online Friday rolled out a patched Netscape 8.0 browser that finally fixed a bug which broke rival Internet Explorer's ability to render some XML pages.
In late May, a developer on Microsoft IE's team blasted Netscape and AOL for the bug, and told users who had installed Netscape 8.0 to uninstall the browser so they could use Internet Explorer. In turn, AOL said that such an extreme move was "just silly."
At that time, a spokesman for AOL promised a fix for Netscape would be available within days.
The newly-patched Netscape 8.02, which can be downloaded free of charge, resolves the IE XML issue, Netscape said in the release notes accompanying the update.
Other bugs, some of which caused the browser to crash, have also been fixed, the notes continued, and the software's performance has been tweaked as well.
By TechWeb News
Thursday, June 16, 2005
Study: AOL Leads in Zombie Infections
AOL is the global network most infected with "zombie" PCs, according to a new study.
Prolexic has spent the last six months compiling information on the problem of zombies using real-world denial-of-service attack attempts generated by the hijacked machines. AOL accounted for 5.3 percent of all infections, with Deutsche Telekom in second place with 4.67 percent, and Wanadoo third with 3.27 percent.
The most infected countries as a percentage of the total detected were the U.S. (18 percent), China (11.2 percent), Germany (9.6 percent), the U.K. (5.1 percent), and France (5.1 percent). However, calculating zombie numbers on a per capita basis, the most infected countries turned out to be Hong Kong, Germany, Malaysia, Hungary, and the U.K., in that order.
High Profile ISPs
"It shouldn't be a surprise to find that some of the most high profile Internet Service Providers are most susceptible to providing a safe haven for large numbers of zombie PCs," says Prolexic CTO Barrett Lyon. "It is these networks which are continually being exploited to support large scale DDoS attacks."
"Just because a home user subscribes to a reputable brand doesn't mean they're safe from the online criminal fraternity," he says.
AOL has since defended itself by pointing out that it is by some way the largest ISP, and that the number of zombies on its network is actually low in relation to the total number of its subscribers.
Prolexic was at pains to emphasize that its zombie data was culled from attempted real-world attacks, and not traffic to research honeypots, used by some to calculate zombie incidence. The company's business is in selling "clean pipe" Internet connections so the assumption is that the data comes from attempts through its own network.
The company said it had seen a shift in the way zombies were being used for DDoS attacks in recent months. Attackers now favored "full connection based flood" whereby real IP addresses were apparent to the defenders. Such a brute force type of approach could still work because the sheer number of addresses could overload blacklisting systems.
Written by: John E. Dunn, Techworld.com Thu Jun 16, 12:00 PM ET

