Brian Krebs of Security Fix reports that Sprint sent letters to several thousand customers to inform them that a former employee sold or otherwise provided their account data without permission between December 2008 and January 2009. Updated Apr. 1: Sprint’s notification (pdf) to the NH Attorney General is now available online.
Category: ID Theft
Bits ‘n Pieces
In the justice system: Three Romanians have been arrested in Malta in connection with police investigations of credit card fraud amounting to thousands of euro. Some 60 credit cards, a false passport, computers and equipment used to produce false credit cards were seized from a house in Msida. More. Four men from Florida were indicted…
Rental Research Services, Inc. settles FTC charges that it sold credit reports to ID thieves
Rental Research Services, Inc. , a consumer reporting agency, and its principal, Lee Mikkelson, settled FTC charges that they failed to properly screen prospective customers and sold at least 318 credit reports to identity thieves. Under the settlement, the company and its principal must ensure that they provide credit reports only to legitimate businesses for…
AU: Bank confirms credit card fraud from Bottle Domains hack
On February 10, the Australian Domain Name Administrator (AuDA) reported that it had been notified by the Australian Federal Police (AFP) of a security incident involving domain registrar Bottle Domains. Another report at the time can be found here. Now eCommerce Report is reporting that one bank has confirmed fraud on some of the credit-cards…
Bits ‘n Pieces
In the justice system: John Shiefer, the Los Angeles computer security consultant who turned thousands of computers into zombies, was sentenced to four years in prison. More. Four Arizona men accused of spending more than $1 million using stolen credit cards are being held in a Maricopa County jail; they allegedly obtained the card numbers…
T-Mobile case update: indicted men were not employees
As an update to the story here: A spokesperson for the U.S. Attorney’s Office informs me that the 5 men who were indicted today were not employees of T-Mobile. They allegedly accessed and acquired the customer data via an authorization code that they obtained from the owner of a T-Mobile store. The owner of that…