John Leyden reports: A serious vulnerability that potentially allowed shoplifters to empty eBay ProStores shops and swipe customer credit cards has been fixed – according to the security researcher who says he found the hole. Mark Litchfield, an infosec pro at Securatary, told us he discovered a flaw in eBay-owned ProStores that not only opened the door…
Category: U.S.
Bank drops lawsuit against Target and Trustwave
Jeremy Kirk reports that Trustmark National Bank, one of the two plaintiffs in a lawsuit filed by banks against Target and Trustwave, has filed a notice of voluntary dismissal to drop their role in the lawsuit. Because the lawsuit was dropped without prejudice, the bank may re-file the suit at some point, although I suspect…
TX: Document Shredding Company Employee Eyed in ID Theft Ring
Scott Gordon reports: A Fort Worth man who worked for a document shredding company did not destroy bank records and instead shared them with thieves, according to court documents. The number of potential victims is in the thousands and the total loss may be in the millions of dollars, a law enforcement source told NBC…
Claims that Trustwave was responsible for monitoring Target’s network “baseless” – Trustwave
Yesterday, Trustwave issued a statement on its website about allegations made in lawsuits against Target naming it as a co-defendant. The letter, signed by Trustwave CEO Robert J. McCullen reads: March 29, 2014 Dear Customers and Business Partners, As some of you may know, Trustwave was recently named as a defendant in lawsuits relating to the…
In split vote, MCCCD extends contract with law firm for data breach-related services (updated)
I usually don’t find news about law firms’ contracts with respect to data breach-related services particularly noteworthy, but in the context of Maricopa County Community College District (MCCCD)’s data breach response, there’s been a newsworthy aspect. Last year, MCCCD hired the law firm of Wilson Elser to handle their breach response. As I noted on…
FL: Another Defendant Sentenced In Identity Theft Tax Refund Fraud Scheme Involving Thousands Of Patients’ Personal Identity Information
There’s an update to a case first reported here earlier this year, and then updated here. As my investigation uncovered, the involved medical facility was Apex Laboratory, Inc., who, as of January 28, 2014, had not submitted any breach notification to HHS. Marquis Onigirin Moye, 24, of Pompano Beach, was sentenced for his participation in…