Citibank ATM Network Breach

July 3, 2008

Laptop theft Between October 2007 and March 2008, thieves stole millions from Citibank’s network of ATM machines in 7-Eleven retail stores. They successfully accessed PIN codes from an undetermined number of accounts. There are nearly 5,700 Citibank-branded ATMs inside 7-Eleven stores throughout the United States. The thieves were apprehended and allegedly made $2 million in illegal profits.

What’s more disturbing is that such data intrusions often go unreported.

When it comes to ATM cards, I strongly advise:

Do not tie multiple accounts to your PIN code.
Keep a limited amount in the account.
Use common sense to keep your PIN code safe (i.e. obscure code, don’t tell anyone)

Reader Suggestion: GuideToGo

July 2, 2008

mobile website Boris in Japan suggests we check out the mobile site GuideToGo. Read more

Written by Roland · Filed Under All, Mobile

Reader Suggestion: MetalVideo.com

July 2, 2008

mobile website Michael in the United States suggests we check out this Heavy Metal Music Videos mobile site. Read more

Written by Roland · Filed Under All, Mobile

Reader Suggestion: The Fantasy Football Geek Blog

July 2, 2008

mobile website Matthew from Rochester, New York, suggested we check out the mobile friendly website The Fantasy Football Geek Blog. Read more

Written by Roland · Filed Under All, Mobile

Scottish Ambulance Service Loses 895,000 Patient Records

June 30, 2008

Laptop theft The ENCRYPTED disk contained 894,629 call records between February 2006 and June 2008, including the addresses of incidents, phone numbers and patient names.

Unlike so many other incidents, at least this company:

Encrypted their data before transporting it.
Immediately notified authorities.
Immediately admitted to the public what happened and disclosed details.
Doesn’t try to hide the incident from the public.

June Bad Month For 411,000 U.K. Customers of Virgin Media, HSBC and Cotton Traders

June 30, 2008

Laptop theft Virgin Media lost an unencrypted computer disk containing data on 3,000 customers that signed up for services via Carphone Warehouse stores in the United Kingdom. Records contain bank details, names and addresses. No mention at all on VirginMedia.com or CarPhoneWarehouse.com.

HSBC lost a computer disk containing data on 370,000 customers. Records contain details such as name, date of birth, level of insurance coverage, and whether or not a customer is a smoker. I found no mention on HSBC.co.uk or HSBC.com.

The BBC reports that records for 38,000 credit card customers have been stolen from U.K. clothing firm Cotton Traders. The company disputes the number of affected customers. There is no mention of the incident on CottonTraders.co.uk.

51,000 Wards Credit Card Records Exposed

June 28, 2008

Laptop theft This data loss was the result of specific attacks against their online network. The criminals proceeded to sell the credit card numbers online. Information included the card numbers, their three-digit “security codes”, expiration dates, as well as the cardholders’ names, addresses and phone numbers.

At least 51,000 records were exposed in the breach at the parent company of Montgomery Ward. The venerable Wards chain that began in 1872 went out of business in 2001, but in 2004 a catalog company, Direct Marketing Services Inc., bought the brand name out of bankruptcy. It now runs a Wards.com Web site along with six other sites, including three with Sears brands it has acquired: SearsHomeCenter.com, SearsShowplace.com and SearsRoomforKids.com.

Definitely read the whole article. The company tries to shift blame because the guidelines from Visa on how to respond to a security breach didn’t mention that the company should also inform the affected consumers.

It just illustrates the point that these type of events probably happen more frequently than most of us suspect and are often covered up to prevent a public relations crisis.