[IP] 40 million credit cards hack'd

To: Ip ip <ip@xxxxxxxxxxxxxx>
Subject: [IP] 40 million credit cards hack'd
From: David Farber <dave@xxxxxxxxxx>
Date: Tue, 21 Jun 2005 18:57:17 -0400
List-help: <http://v2.listbox.com/doc/help_sub?list_name=ip@v2.listbox.com>
List-id: <ip@xxxxxxxxxxxxxx>
List-software: listbox.com v2.0
List-subscribe: <mailto:subscribe-ip@v2.listbox.com>, <http://v2.listbox.com/subscribe/?listname=ip@v2.listbox.com>
List-unsubscribe: <mailto:unsubscribe-ip@v2.listbox.com>, <http://v2.listbox.com/member/unsubscribe/?listname=ip@v2.listbox.com>
References: <200506212245.j5LMjVZU003221@xxxxxxxxxxxxxxxxxxx>
Reply-to: dave@xxxxxxxxxx
Sender: owner-ip@xxxxxxxxxxxxxx



Begin forwarded message:

From: Gregory Hicks <ghicks@xxxxxxxxxxx>
Date: June 21, 2005 6:48:41 PM EDT
To: dave@xxxxxxxxxx
Cc: ghicks@xxxxxxxxxxx
Subject: Re: 40 million credit cards hack'd
Reply-To: Gregory Hicks <ghicks@xxxxxxxxxxx>


From the Firewall-Wizards list discussing "transitive trust"...

-----Original Message-----

Subject: [fw-wiz] Transitive Trust: 40 million credit cards hack'd

40M credit cards hacked
Breach at third party payment processor affects 22 million Visa cards
and 14 million MasterCards.
http://money.cnn.com/2005/06/17/news/master_card/index.htm?cnn=yes

This sounds like (yet another) classical example of "transitive trust
gone wrong." Visa/MasterCard trusted a 3rd party to hold their data
and - oops - the trust was misplaced.

From: "Paul Melson" <pmelson@xxxxxxxxx>
Subject: RE: [fw-wiz] Transitive Trust: 40 million credit cards hack'd

And here we go...

http://www.thedenverchannel.com/money/4633901/detail.html

DENVER -- CardSystems Solutions Inc. is admitting it made a huge
mistake after some 40 million credit card accounts ended up in the
wrong hands. Some of those account numbers are already being sold on a
Russian Web site, and some consumers are already finding fraudulent
charges on their statements.

[...snip...]

Credit card data is being bought and sold on what is now a profitable
black market.

"We saw a lot of chatter in Russian chat rooms over the weekend talking
about this as a big win for the good guys, you know, the electrical
crime groups," said John Watters with iDefense.

Sellers of credit card data can make a bundle. Online fraud analysts
estimate a basic Mastercard number is worth more than $42. A premium
card, such as a platinum or gold card with a high limit, is almost
$70.

[...snip...]

Visa and Mastercard estimate that 40 million accounts could be
affected, but CardSystems Solutions said that less than 68,000 credit
cards are at "high-risk."

Everyone is advised to keep a close eye on their statements and to
notify their bank or credit card company as soon if they see anything
suspicious. Cardholders can dispute purchases that were not made by
them and will not be held liable for any purchases determined to have
been made fraudulently.

The compromised data included names, banks and account numbers, but not
addresses or Social Security numbers, so the information could be used
to steal money, but not identities.

-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

Prev by Date: [IP] The Data Fleecing of America
Next by Date: [IP] Sen. Chuck Schumer rails against violent video game; books, news articles next? [fs]
Previous by thread: [IP] The Data Fleecing of America
Next by thread: [IP] Sen. Chuck Schumer rails against violent video game; books, news articles next? [fs]
Index(es):
- Date
- Thread