Iain Thomson reports: The FBI has charged a former JP Morgan employee with selling customer information to thieves who wanted to empty accounts without triggering any alarms. Unsealed court records [PDF] recount that Peter Persaud, who worked at JP Morgan’s Brooklyn branch, contacted an undercover FBI informant, and allegedly offered to sell him the account details of…
Former Blue Cross worker pleads guilty to filing over 180 fraudulent tax returns
WTVM reports that a former Blue Cross Blue Shield customer service employee has pleaded guilty to filing false tax returns, wire fraud, and aggravated identity theft. Danielle Wallace admitted to filing 180 fraudulent tax returns and stealing nearly $500,000. The false returns used personal information obtained from Blue Cross Blue Shield members who had called the…
Pennsylvania-based Summit Health joins ranks of those falling for phishing
On March 18, attorneys for Summit Health, Inc. in Pennsylvania notified the Maryland Attorney General’s Office that on February 19, the hospital had learned that some of its employees had fallen for a phishing attempt. As a result of the successful phishing, employees’ information in the Lawson Employee Self-Service System, used to access payroll and benefits information, may…
Oops – don’t forget to scrub those drivers license images!
On March 20, 2015, attorneys for the Central Dauphin School District in Pennsylvania notified the Maryland Attorney General’s Office of a breach involving visitors’ drivers license images. The district has a security system that involves scanning visitors’ drivers licenses when they enter the administration building. The laptop that stored those images, which was provided by…
Tiversa’s CEO responds to former employee’s testimony in FTC v. LabMD
Tiversa CEO Robert Boback has responded to the testimony of a former employee, Richard (“Rick”) Wallace at yesterday’s hearing in FTC v. LabMD. In a statement sent to this site, he writes: What was probably lost on most people in the audience was that Wallace testified that HE downloaded the 1,718 file (the LabMD file in…
PayIvy Sells Your Online Accounts Via PayPal
Brian Krebs reports: Normally, if one wishes to buy stolen account credentials for paid online services like Netflix, Hulu, XBox Live or Spotify, the buyer needs to visit a cybercrime forum or drop into a dark Web marketplace that only accepts Bitcoin as payment. Increasingly, however, these accounts are showing up for sale at Payivy[dot]com, an open Web marketplace that happily accepts PayPal in exchange for…