Joseph Menn reports that according to the FBI, cyberhackers were able to directly drain $40 million from bank accounts so far this year, “primarily targeting the small and mid-sized businesses that are themselves customers of small and mid-sized banks.” Jeffrey Troy, chief of the FBI’s cybercrime section, told the Financial Times that online bank thefts…
P2P fraudsters snare DoD employees and FL business; two indicted
Jeffrey Steven Girandola and Kajohn Phommavong have been charged in a previously sealed 16-count indictment with Conspiracy, Computer Fraud, Access Device Fraud and Aggravated Identity Theft. According to the indictment, which was handed up by a federal grand jury in San Diego, the defendants installed peer-to-peer file sharing software on computers under their control and…
UK: Action taken after tenants’ personal files go missing
The Information Commissioner’s Office (ICO) has found the Orbit Heart of England Housing Association to be in breach of the Data Protection Act after 57 paper files containing personal data went missing during an office move. Forty-two of the files were recovered in full, but 15 which contain a significant amount of personal data relating…
Two Official Kaspersky Websites Hacked
Lucian Constantin reports: A grey hat hacker has found a critical SQL injection weakness on the official Kaspersky Lab websites in Malaysia and Singapore. Exploiting the vulnerability leads to full compromise of the underlying database, which contains customer information, product keys and other sensitive data. The attack has been documented by a Romanian hacker calling…
Businesses still plagued by data breaches
An article by Jackie Noblett includes references to some recent breach notifications affecting Massachusetts residents that I do not recall ever seeing covered in the media: Three separate breaches at State Street Corp. affecting 42 Massachusetts residents involved State Street employees accidentally sending personal information of a customer to the wrong client or financial adviser…
Court Rejects Request to Consolidate TJX Hacker Cases
Kim Zetter of Threat Level reports that: A federal judge in Massachusetts has rejected a request from U.S. attorneys to consolidate a New Jersey case against Albert Gonzalez, who has admitted hacking more than 120 million credit card numbers from Heartland Payment Systems, with two other cases against him in Massachusetts. […] The case was…