In this issue, we discuss how "hackers" are directly targeting businesses to access non-public customer information.
There seems to be a recent rash of reports about large amounts of non-public customer information falling into the wrong hands. The Bad Guys don't seem to be targeting the banks directly, but are going after their merchant customers.
A recent case uncovered that over 40 million credit card accounts from across the world had been sold by a single ring. They had stolen many more millions of cards, but hadn't yet sold them all. The card information ring had been 'in business' since 2003, and wasn't shut down until February of 2007.
The targets of this ring read like a Who's Who of American retailers – TJ Maxx, Barnes and Noble, BJ's Wholesale Club, The Sports Authority, Office Max and Boston Market.
TJ Maxx alone had 45 million cards stolen. In their case, a single store in the Miami area was targeted, and a program was loaded there that gave the hackers access to the customer information as quickly as it was entered into their merchant card system.
The crooks also pilfered Debit Card information. They encoded cards which were used to steal tens of thousands of dollars from ATMs.
For consideration: What is your plan if a merchant customer of yours is breached? What are your liabilities? What is your policy if you have one customer that has $500 taken from a checking account? What if it's 10 customers? Or 100? What is your Reputation Risk?
GLBA requires that you verify the security of your vendors, but what about the security of your customers?
For more information:
11 Charged in Global Theft, Sale Of 40 Million Card Numbers
Hackers affect debit and ATM networks