Michael Riley reports: Hackers who raided the credit-card payment system of Neiman Marcus Group Ltd. belong to a sophisticated Russian syndicate that has stolen more than 160 million credit-card numbers from retailers over seven years, according to people with knowledge of the matter. The Russian group is well known to U.S. authorities, who have indicted…
Category: Business Sector
SQL Injection Leads To BigMoneyJobs.com Leak
From DataLossDB and Risk Based Security: Earlier today, a hacker identified as ProbablyOnion (who recently breached Boxee.tv) has posted data from a large job seeker website resulting in over 36,000 accounts being published online. The website BigMoneyJobs.com is a large hub for job seekers and employers looking to hire them. The breach was announced over Twitter and…
60,000 Personal Credentials Leaked From Syrian Sites
Lee J writes: Today a hacker from the European Cyber Army going by the handle @Zer0Pwn has announced a leak of data from two Syrian based websites job.sy, realestate.sy. The leak which is titled “ECA vs. Assad | Part 1″ was posted to Pastebin with a preview of some of the users’ data and a link to Sendspace. The attack is apart…
Is delaying notification for law enforcement purposes ever unreasonable?
Over on Security Bistro, Linda Musthaler discusses the recently disclosed Spec’s breach and the fact that Spec’s knew about the breach but was asked not to disclose it by law enforcement. We’ve seen this many times – delays in notification so as not to interfere with a law enforcement investigation. But should there be some…
FL: Call center employee and 7 others charged in ID theft fraud scheme involving AT&T customer info
A 22-count indictment charging eight defendants with participating in a conspiracy to unjustly enrich themselves by stealing personal identifying information of AT&T customers and using the information to make unauthorized wire transfers from the victims’ bank accounts and obtain unauthorized credit or debit cards has been unsealed in the Southern District of Florida. The indictment…
RK Internet notifies customers after malware snags their information
When RK Internet (“Rural King”) became suspicious on March 7th that their web server had been compromised, they brought in forensic investigators. Those investigators discovered that malware had been injected, and for transactions that occurred between February 6 until March 12, customers names, debit or credit card number with security code and expiration date, telephone…