Boomerang Tags, a company that sells pet tags and collars, has joined the ranks of e-commerce sites compromised by malware. In a letter dated April 25th to the New Hampshire Attorney General’s Office, Don Carrick, the owner of BoomerangTags.com, writes that the malware was inserted on or before July 4, 2013, and was first discovered by…
Category: Malware
Michaels Stores (finally) confirms breach affecting 2.6M cards at Michaels, 400K at Aaron Brothers
Michaels Stores, who announced on January 25 that they had been informed of a possible breach that they were investigating, has now (finally) confirmed the breach first reported by Brian Krebs. Posted on their web site today: In January, we notified you that we might have experienced a data security incident. We wanted you to…
Hackers target 55,000 VFW members (updated)
Jermont Terry reports: Local veterans said they are just learning now their identities may have be stolen from the VFW. Cyber hackers broke into the agency’s website and likely compromised military plans, not to mention the peace of mind of vets. This security breach happened back in February but it seems the thousands of vets…
Whitehat hacker goes too far, gets raided by FBI, tells all
Sean Gallagher reports on an interesting revelation concerning the second data breach at the University of Maryland: A whitehat hacker from the Baltimore suburbs went too far in his effort to drive home a point about a security vulnerability he reported to a client. Now he’s unemployed and telling all on reddit. David Helkowski was working…
Is delaying notification for law enforcement purposes ever unreasonable?
Over on Security Bistro, Linda Musthaler discusses the recently disclosed Spec’s breach and the fact that Spec’s knew about the breach but was asked not to disclose it by law enforcement. We’ve seen this many times – delays in notification so as not to interfere with a law enforcement investigation. But should there be some…
RK Internet notifies customers after malware snags their information
When RK Internet (“Rural King”) became suspicious on March 7th that their web server had been compromised, they brought in forensic investigators. Those investigators discovered that malware had been injected, and for transactions that occurred between February 6 until March 12, customers names, debit or credit card number with security code and expiration date, telephone…