Ian Robson reports: A finance company has admitted sending confidential information about customers, including their bank account numbers, to a stranger. Fiat Financial Services had sent a credit agreement to motorist Darren Wright after he bought a car. But they also posted the private details of five other customers who had applied for a loan….
More details on the second processor breach (corrected and updated)
My googling skills are paying off. Found this on TVACU.com: (not CardNet as originally cited; the CardNet notice is provided below the TVACU.com notice) On the heels of the Heartland Payment Systems breach, another U.S. acquirer-processor has confirmed a network intrusion exposing primary card numbers and card expiration dates for card-not-present (CNP) transactions. Unlike the…
NY: Misrouted medical faxes bedevil family
Marcele Rojas reports: Southeast resident Cathy Meyer reached her breaking point when she received a fax with a list of patients in Putnam Hospital Center’s psychiatric ward. The fax was from another department within the hospital, she said, seeking the patients’ medical charts. […] For more than a year, Meyer has received dozens of faxes…
More recent breaches we didn’t know about
Thanks to the New Hampshire Attorney General’s Office for posting breach notices online: Student Loan Xpress, Inc. reported (pdf) that the service provider for their student loans, American Education Services, inadvertently transmitted personal information on student loans to another lender that AES also has contracts with. The information may have included names, addresses, Social Security…
StayFriends members’ personal info exposed by SQL injection
The same individual, “unu,” who has been exposing other web sites vulnerable to SQL injection, has issued some screen shots showing how the German site, StayFriends, left its over 7 million users’ personal information vulnerable to exposure or access. According to the account of the hack, the exposure involved names, email addresses, passwords, some credit…
Meanwhile, back at the Heartland breach
Like most blogs, DataBreaches.net totally abandoned any attempt to track all of the affected entities. Instead, we have been trying to support BankInfoSecurity.com‘s efforts to keep track. Expect the numbers of affected banks and credit unions to rise to 500 or more next week after they have a chance to enter about five dozen links…