Two suspects skim cards at the ATM door

February 08, 2012

Two men have been charged with applying a new take on ATM skimming fraud -- placing the data-stealing device on the card reader at the door, not on the actual cash machine.
 

MasterCard announces product future around EMV

February 07, 2012

The EMV standard, widely considered an effective way to curb counterfeit card fraud because it requires a microchip to be embedded in a credit or debit card or on a mobile device, is gradually picking up steam in the U.S.
 

SEC accuses Latvian man of hacking brokerage accounts

January 31, 2012

The federal Securities and Exchange Commission has charged a Latvian man with participating in a scheme that manipulated the value of more than 100 New York Stock Exchange and Nasdaq stocks.
 

Visa advises on more secure credit card transactions

January 16, 2012

Visa has issued best practices that detail how retailers, card issuers and processors can upgrade their credit card transaction technology to a chip-based model, so as to avoid burdensome complexity, cost and time to market.
 

Secret Service charges Romanian man with ATM fraud

January 09, 2012

A Romanian citizen, with an expired U.S. visa, has been arrested on charges of serving as the "installer" of skimming devices on some 40 ATMs in the New York City area.
 

Counterfeit card maker pleads in ATM skimming bust

December 21, 2011

A 21-year-old Connecticut woman on Tuesday pleaded guilty to participating in an ATM skimming operation between February and July, the U.S. attorney's office in Connecticut said.
 

NYC authorities charge 55 in cyber fraud, ID theft ring

December 19, 2011

The defendants were part of a coordinated operation that resulted in the theft of more than $2 million from JP Morgan Chase Bank, TD Bank, Citibank, Discover and American Express.
 

Court tosses claims against Heartland Payment over breach

December 13, 2011

After more than two years of litigation, a U.S. District judge has dismissed nine of the 10 causes of action brought forth as part of a class-action lawsuit by nine banks.
 

Former UBS banker sentenced for fraud

November 30, 2011

A former bank executive has been sentenced to 33 months in prison for committing 84 fraudulent wire transfers that deposited $673,000 of UBS Securities funds into his personal accounts.
 

Three indicted in New York on ATM skimming charges

November 22, 2011

Two of the three men accused of swiping the debit card credentials of 1,490 ATM users in Manhattan remain behind bars. The other defendant is at large.
 

ACH debit transfer emails leading to malware

November 10, 2011

Attackers have been circulating a trojan via email messages with subjects such as "ACH payroll payment was not accepted by Central Trust and Savings Bank."
 

Banker trade group warns of phishing uptick

October 27, 2011

Cybercriminals typically ramp up their phishing efforts during the holiday season and following natural disasters, according to the American Bankers Association.
 

TD Ameritrade settles lawsuit over major breach

October 10, 2011

While TD Ameritrade maintains that no identity theft resulted because of a 2007 breach, it has decided to compensate customers "in the interest of helping ease" their concerns.
 

Couple files suit against Citigroup over breach

October 10, 2011

A couple from New York state is seeking class-action status for a lawsuit against Citigroup, alleging that the third-largest U.S. bank has "taken no steps" to protect victims in the wake of a massive data breach, according to reports. Citi admitted in June that 360,083 accounts - about 1.5 percent of its card customer base - were compromised in the attack, in which hackers infiltrated the online banking platform, Citi Account Online, and viewed customer account numbers and contact information. The plaintiffs, Kristina and Steven Orman of Northport, N.Y., filed the suit on Friday in response to fraudsters allegedly charging their credit cards and stealing money from their bank accounts.
 

More than 100 charged in ID theft ring

October 10, 2011

The organized structure of a huge identity theft operation, based in New York, allowed members to make millions in profits.
 

Countrywide insider gets eight months in prison for theft

September 28, 2011

A senior analyst at Countrywide Financial was ordered to pay $1.2 million in restitution after pleading guilty to his role in a scam to steal personal data of customers.
 

Official: FBI investigating 400 bank account takeovers

September 19, 2011

Despite fresh guidance and quicker fraud detection, the FBI actively is investigating more than 400 cases of corporate bank account takeovers, an official told federal lawmakers last week. Gordon Snow, the FBI's assistant director of the cyber division, told a House Financial Services subcommittee that these cases, in which criminals initiate unauthorized Automated Clearing House and wire transfers from seized accounts belonging to mostly small and midsize businesses, have resulted in the attempted theft of more than $225 million and actual losses of around $85 million. In his remarks, Snow also discussed risks related to ATM skimming, mobile banking and supply chain compromise.
 

Microsoft adds "major" update to detect Zeus trojan

September 15, 2011

Microsoft has introduced a "fairly major" update to its Malicious Software Removal Tool to detect and kill infections of the insidious and constantly morphing data-stealing malware family known as Zbot, or Zeus. Since the software giant first added detection for Zeus last October, hundreds of thousands of Windows PCs have been expunged of the threat, prominent in banking and e-commerce fraud. But as Zeus, which recently merged code bases with SpyEye, continues to acquire advanced evasion capabilities, Microsoft has had to fight "sneakiness with sneakiness," according to a blog post on Wednesday. The company introduced the update as part of its monthly security patches, released on Tuesday.
 

Hacker "soldier" steals $3.2 million from U.S. companies

September 15, 2011

Researchers at Trend Micro say they have been hot on the tracks of a corporate hacker, and now they are turning over their findings to U.S. law enforcement.
 

Breaking down the updated FFIEC guidance

Sarah Fender, vice president, PhoneFactor September 15, 2011

As attackers have found a way to break traditional online banking security controls, recently issued guidelines offer some new advice for financial institutions.
 

Criminals abusing Amazon cloud to spread SpyEye

July 29, 2011

Amazon's Simple Storage Service (S3) is being used to host malicious sites distributing the nefarious banking trojan.
 

Senate hearing set to update anti-hacking law

July 25, 2011

The U.S. Senate Judiciary Committee next week plans to hold a hearing focused on updating the Computer Fraud and Abuse Act (CFAA), a national anti-hacking law first enacted in 1984 that makes it illegal to access government or financial institution computers without authorization. A White House cybersecurity legislative plan to Congress, released in May, proposed broadening the scope of CFAA and increasing penalties under the statute. Witnesses for the hearing are scheduled to include James Baker, associate deputy attorney general for the U.S. Department of Justice, and Pablo Martinez, deputy special agent in charge of the Criminal Investigative Division of the U.S. Secret Service. The hearing is planned for 10 a.m. on Aug. 3 and can be viewed online.
 

FFIEC guidance addresses corporate account takeover

June 29, 2011

The long-awaited update to the Federal Financial Institutions Examination Council (FFIEC) guidelines around authentication has been released.
 

U.S. lead on huge phishing ring receives 13 years in prison

June 28, 2011

A Los Angeles man has earned considerable time behind bars after serving as the U.S. head of a phishing operation that stole more than $1 million from the customers of two banks.
 

Bitcoin currency exchange compromised, database stolen

June 20, 2011

The largest Bitcoin currency exchange market, Mt.Gox, is currently offline after suffering a cyberattack that caused the market to crash.
 

New trojan aims to steal Bitcoin virtual currency

June 17, 2011

Criminals are targeting the digital currency Bitcoin with new malware designed to steal victims' online wallets, several security firms warned this week.
 

Citi says 150,000 more affected by breach

June 16, 2011

Citigroup revealed Wednesday that hackers gained access to the account information of significantly more customers than originally thought. In an updated news release issued Wednesday, the nation's third-largest bank said that after completing an investigation, it concluded that 360,083 accounts were compromised in the attack, in which hackers infiltrated Citibank's online banking platform, Citi Account Online, and viewed customer account numbers and contact information, including email addresses. Additional data that would be needed to commit fraud, such as expiration dates or card security codes, was not exposed. Citigroup originally reported that 210,000 account holders were affected.
 

IMF latest victim of "major" cyberattack, breach

June 13, 2011

The International Monetary Fund (IMF) has suffered a major cyberattack, the latest incident in a string of cyberattacks against high-profile organizations.
 

Citibank cyberattack affects 210,000 customers

June 09, 2011

Citibank, the third largest bank in the U.S., this week disclosed that hackers broke into its systems and gained access to the personal information of hundreds of thousands of customers.
 

Judge rules bank not at fault for corporate account fraud

June 08, 2011

In a potentially precedent-setting court ruling, a U.S. magistrate judge has ruled that a bank is not responsible for covering the loss of nearly $300,000 that was illegally wired out of the bank account belonging to a Maine construction company.
 

Travel, education sectors most vulnerable to phishing

May 24, 2011

Researchers at KnowBe4 sent simulated phishing messages to more than 3,500 small and midsized enterprises and found that recipients at nearly 500 companies clicked on a link contained in the message.
 

FBI warns of millions lost in fraudulent transfers to China

April 27, 2011

The FBI is probing 20 new cases of U.S. businesses losing millions of dollars to cybercriminals, who then siphoned off the cash to accounts in China.
 

Texas breach affects millions of state employees, retirees

April 12, 2011

The Texas comptroller's office on Wednesday will begin notifying 3.5 million state employees and retirees that their unencrypted personal data was inadvertently posted to a public server.
 

A slew of banks, retailers affected by Epsilon email breach

April 04, 2011

A growing list of companies, including Capital One, U.S. Bank, Citigroup and JPMorgan Chase, are notifying customers that their email addresses were stolen by hackers.
 

Texas ringleader of pump-and-dump scam arrested

March 22, 2011

Federal agents arrested the alleged ringleader of an international securities fraud racket that used hackers, botnet operators and email spam to drive up the value of stocks.
 

Goldman Sachs programmer sentenced for code theft

March 21, 2011

A software programmer charged with copying secret financial trading code from Goldman Sachs computers was sentenced Friday to eight years in prison. Sergey Aleynikov, 41, a naturalized U.S. citizen who emigrated from Russia, had resigned from his $400,000-a-year Goldman Sachs position in June 2009 to take a new job in Chicago. Before going, however, he uploaded code related to the firm's proprietary trading program from his workstation to a server in Germany and then downloaded it to his computers at home. Aleynikov was also ordered to pay a $12,500 fine and serve three years of supervised release following his sentence.
 

Trojan steals session IDs, bypasses logout requests

February 22, 2011

A new banking trojan targeting U.S. customers has the ability to keep online account sessions open after customers believe they have logged off, enabling criminals to surreptitiously steal money.
 

Canadian finance ministries breached

February 17, 2011

Reports are breaking of a breach of two high-level finance ministries in Canada. The attack, which occurred last month, purportedly originated in China, but as in earlier cases, the attackers may have routed the intrusion through China to disguise their origin. The executive offices of the Finance Department and the Treasury Board were penetrated through the use of social engineering tactics, which involved fake emails sent to government employees to trick them into giving up passwords. A government spokesperson claimed there was no indication any classified information was siphoned off. A Chinese foreign ministry spokesperson denied any involvement by China. - GM
 

RSA Conference 2011: CISO panel expects innovation, offers advice

February 16, 2011

Tools that better classify data, provide deep-packet inspection and offer risk management for organizations migrating to the cloud are three solutions areas ready to make their mark in the security industry, predicted a panel of CISOs on Tuesday.
 

Don Truslow named executive director of FSIC

February 15, 2011

The Financial Stability Industry Council (FSIC) appointed its first executive director, Don Truslow, a former chief risk officer for Wachovia, where he held leadership positions in finance, risk management and corporate banking. The FSIC promotes the interests of financial services firms before government entities. Truslow has been a member of the organization's Roundtable Council since 1999. - GM
 

ID fraud incidents decline in 2010, but costs go up

February 08, 2011

Incidents of identity fraud declined last year, thanks in part to fewer reported breached records, but the cost per incident rose, according to a new survey.
 

Hackers breach Nasdaq; trading systems not affected

February 07, 2011

Nasdaq OMX, the company that runs the world's largest electronic stock exchange, said it detected suspicious files on its U.S. servers.
 

N.Y. broker charged for boosting stock prices with spam

February 01, 2011

A New York stock broker has been indicted for his role in a spam-driven, pump-and-dump stock scheme that involved junk mail king Alan Ralsky.
 

FDIC phishing emails use Patriot Act scare tactic

January 13, 2011

Fraudulent emails claiming to come from the Federal Deposit Insurance Corp. (FDIC) are attempting to trick users into handing over their sensitive personal information, the agency said in a warning issued Wednesday to clients and customers. The messages claim that the FDIC has withdrawn deposit insurance from the targeted user's account "due to account activity that violates the Patriot Act." Recipients are directed to follow a link included in the message that could lead to phishing sites or malware, the agency said. Financial institutions and consumers should not follow the link or provide any personal information. - AM
 

Views regarding PCI compliance are mostly positive

January 12, 2011

A new survey from Cisco reveals that organizations are getting better at handling their obligations to meet payment industry security guidelines.
 

Visa strengthens its network fraud detection

January 07, 2011

Visa has enhanced the security of its electronic credit card authorization system, known as VisaNet, to improve the speed and accuracy of fraud detection, the card brand announced Thursday. Earlier this year, Visa improved the processing platform of its Advanced Authorization technology so that it can analyze more information and perform more functions faster. "This provides Visa with a comprehensive view into the global payments system, leading to high levels of intelligence around spending patterns and improving the company's ability to detect and prevent fraud in near real-time," Visa said. The company believes the improvements could lead to a 29 percent gain in fraud detection over 2009. - DK
 

Zeus botnet targeting Macy's, Nordstrom account holders

December 09, 2010

A new Zeus botnet is targeting the credit card accounts of several major U.S. retailers, including Macy's and Nordstrom, according to researchers at online banking security firm, Trusteer.
 

Senate votes to exempt lawyers, doctors from Red Flags

December 02, 2010

Lawyers, doctors and accountants may avoid having to comply with the Federal Trade Commission's new identity theft rule.
 

FBI warns of SMS and phone-based phishing scams

November 24, 2010

The FBI issued a warning on Wednesday about so-called "smishing" and "vishing" scams, which are likely to be prevalent this holiday season.
 

Malaysian man charged with hacking into bank systems

November 19, 2010

A Malaysian man was indicted Thursday on charges he hacked into the networks of a number of financial institutions to amass some 400,000 stolen credit and debit card numbers, according to federal prosecutors.
 

Web applications remain a pressing concern

November 17, 2010

Vulnerabilities in web applications remain the preferred entryway for crooks seeking valuable company information, Rob Lamb, vice president of IBM security products, said Wednesday at SC Congress Canada in Toronto.
 

Mobile application threat not here yet, but it's on the way

November 16, 2010

The mobile application threat space still is in its infancy, but organizations should be planning for the possibility of things heating up in the near future, said the security director of a major bank in Canada.
 

Popular data exchange app "Bump" suffers security lapse

November 08, 2010

Bump Technologies, maker of the popular data exchange application Bump, said it has corrected a problem that could have exposed users' information.
 

Two alleged Zeus mules arrested in Wisconsin

November 05, 2010

Two Moldovan men were charged this week for their involvement with the Zeus trojan, which has been used to steal millions of dollars from U.S. bank accounts. Dorin Codreanu and Lilian Adam, both 21, are believed to have been "money mules," responsible for transferring stolen funds to accomplices overseas. The pair was arrested in Wisconsin and is set to be transferred to New York to face charges of conspiracy to commit bank fraud, according to reports. The men are among the 37 individuals charged late last month in U.S. District Court in Manhattan for their role in the scheme. — AM
 

New phishing scam preys on military, families

November 02, 2010

A new phishing campaign attempts to steal money from members of USAA, a banking and insurance firm for U.S. military members and their families, researchers at email security firm AppRiver warned Tuesday. Researchers have noticed heavy traffic related to the spam run, whose messages include a link that directs users to a fake USAA login page, Troy Gill, security analyst at AppRiver, wrote in a blog post. The company has discovered more than 1,500 unique domains being used in the attack. — AM
 

Disgruntled Fannie Mae "logic bomber" found guilty

October 11, 2010

A federal jury in Baltimore has convicted a former Fannie Mae programmer of computer intrusion after he sought to destroy more than 4,000 company servers by planting a malicious script that was scheduled to activate roughly three months after he was fired. Rajendrasinh Makwana, 36, faces up to 10 years in prison for seeding a common application with "logic bomb" malware on Oct. 24, 2008, the day he was fired, the U.S. Department of Justice said last week in a news release. Five days later, a senior engineer discovered the disgruntled Makwana's actions, which were meant to destroy financial, securities and mortgage information. Makwana, who had pleaded innocent, is scheduled to be sentenced Dec. 8. — DK
 

U.S. authorities charge 70 money mules in Zeus ring

September 30, 2010

State and federal prosecutors on Thursday announced a massive bust of money mules who were involved in a ring that bilked U.S. bank account holders out of millions through the spread of the Zeus trojan.
 

U.K. police arrest 19 in major Zeus bust

September 29, 2010

Police in the U.K. have arrested 19 individuals believed to be part of an organized cybercrime network that used the Zeus trojan to steal millions of dollars from U.K. bank accounts.
 

Is the United States the weakest link when it comes to credit card security?

Jose Diaz, director of technical and strategic business development at Thales e-Security September 29, 2010

Nations abroad may be forging ahead of the United States in terms of offering consumers enhanced cardholder protection, but the decision to move toward technology such as chip-and-PIN is not always cut and dry.
 

LinkedIn spam run aims to foist Zeus on victim PCs

September 28, 2010

Users of LinkedIn are being targeted in a massive spam campaign designed to install the bank credential-stealing Zeus trojan on their machines. The emails, accounting for nearly a quarter of all spam at one point Monday, mimic LinkedIn invitations, according to Cisco. But when users click on the link contained in the message, they are delivered to a website that reads "PLEASE WAITING...4 SECONDS" and then are directed to Google. During that time, however, Zeus is installed on their machines if they are unpatched for certain browser vulnerabilities. This particular spam campaign and ensuing drive-by download attempts are notable because of the size and the apparent targets: business professionals with access to corporate bank accounts, Henry Stern, a Cisco senior security researcher, said in a blog post. — DK
 

Websites suffer from 13 security flaws on average

September 24, 2010

The average website contains nearly 13 "serious" vulnerabilities, according to a report released this week by White Hat Security, a website risk management solutions provider. The report, which was compiled using data from more than 2,000 websites across 350 organizations, found that cross-site scripting and information leakage flaws were most prevalent, and websites belonging to large organizations - those with more than 2,500 employees - had the highest average number of serious flaws. In terms of industry, banking organizations had the fewest vulnerabilities on average, followed by insurance and health care firms. — AM
 

PCI Council: P2PE simplifies PCI DSS compliance

September 23, 2010

The group responsible for managing payment security rules plans to release two new guidance documents early next month assessing the impact of emerging data security technologies on payment card security.
 

Authorities charge 53 in N.J. identity theft/bank fraud ring

September 17, 2010

The U.S. Department of Justice on Thursday charged 53 individuals in New Jersey in connection with a widespread identity theft and fraud ring.
 

Prison sentence for RBS hacker suspended in Russia

September 09, 2010

One of the leaders of a cybercriminal gang that hacked into payment services provider RBS WorldPay and stole $9 million has received a six-year suspended sentence in Russia, according to reports.
 

Heartland settles with Discover over breach

September 01, 2010

Heartland Payment Systems, the New Jersey-based credit card processor that fell victim to the largest reported data breach of all time, announced on Wednesday that it will settle with Discover for $5 million. Heartland already has settled with Visa for $60 million and MasterCard for $41.4 million over the breach, which exposed an estimated 130 million credit and debit card numbers to organized criminals. The settlement money will be used by Discover to recoup costs related to reissuing cards and any incidents of fraud consumers may have experienced. — DK
 

Judge OKs Countrywide breach settlement

August 26, 2010

A U.S. District Court judge in Kentucky this week granted final approval to settle a class-action lawsuit relating to a data breach that pitted millions of Countrywide Financial customers against the mortgage company. The agreement provides free credit monitoring for up to 17 million people whose personal data was exposed, according to reports. To be eligible, victims must have used Countrywide, now owned by Bank of America, before July 1, 2008. In addition, participants are eligible to receive up to $50,000 per incident of identity theft, though Countrywide representatives have denied that anyone fell victim to fraud. — DK
 

Forum to address risks of mobile financial services

August 25, 2010

Nonprofit financial service industry consortium BITS and the Financial Services Technology Consortium have scheduled a forum to address business, security and fraud risks facing the mobile financial services market. The forum, to take place Oct. 14 and 15 in Arlington, Va., will provide a look at the threats, risks and mitigations of the mobile financial services environment. Senior level financial institution executives, information security, privacy protection and fraud prevention specialists are encouraged to attend. — AM
 

Arrested seller of card data to be extradited to U.S.

August 12, 2010

A Russian man believed to be one of the most prolific sellers of stolen credit card data was arrested over the weekend in France, federal prosecutors said.
 

Zeus used to steal $890,000 from U.K. banking customers

August 10, 2010

A group of cybercriminals stole some $890,000 from the customers of an unnamed, large U.K. bank, according to researchers at security firm M86. Attackers last month distributed exploits via infected websites and malicious advertisements to compromise victims' browsers and install a new version of the data-stealing trojan Zeus onto their PCs. The botnet operators programmed the malware to wait for the bank balance of infected users to reach at least $1,000, after which they conducted fraudulent transactions that wired funds to the accounts of money mules. Researchers discovered 3,000 compromised accounts, including some belonging to businesses. — AM
 

Estonian man extradited to U.S. to face hacking charges

August 09, 2010

An Estonian man becomes the first accused RBS WorldPay hacker to be extradited to the United States to stand trial on federal charges.
 

Black Hat 2010: Researcher Jack uses design, authentication flaws to force ATMs to spit out cash

July 28, 2010

Making a dream come true for anyone who ever has seen their chips evaporate at a Las Vegas casino, a security researcher on Wednesday forced two ATMs to spit out bundles of cash thanks to security weaknesses in the machines.
 

Citi urges iPhone app update due to data storage risk

July 26, 2010

The security of seemingly trusted mobile phone applications is being called into question after Citigroup urged customers to upgrade to a new version.
 

Engineering, automotive sectors commonly spammed

July 14, 2010

Organizations in the engineering, automotive and accommodation sectors receive the most spam, according to a new Symantec report.
 

ID thief receives 30 months in prison

June 28, 2010

A California woman was sentenced late last week to 2 1/2 years in federal prison after pleading guilty earlier this year to charges of access device fraud, according to a news release from the U.S. Department of Justice. Stephanie Fahlgren, 33, of Sacramento accessed the database of a national life insurance company and obtained the personal and financial information of more than 114 individuals. Using the stolen information, Fahlgren opened lines of credit and credit cards in victims' names and made purchases without their consent. Another court appearance is scheduled for July 29, when a judge will determine the amount of restitution owed to the victims. — AM
 

SMBs, individuals being targeted by telephone DoS

June 21, 2010

Online vandals increasingly are leveraging telephone-based denial-of-service (DoS) attacks to tie up phone lines as they simultaneously plunder victims' bank accounts, the FBI warned Monday.
 

Security budgets stable or increasing at financial firms

June 18, 2010

Drivers such as compliance and insider threats are helping to keep information security budgets at financial institutions alive and well, according to a new study.
 

New fraud service serves as repository for stolen data

June 17, 2010

Microsoft has joined forces with the National Cyber Forensics Training Alliance (NCFTA) to launch a portal designed to immediately alert companies if credentials or credit card numbers belonging to their customers or employees have been discovered online.
 

Police bust massive global credit card fraud ring

June 16, 2010

Police in 12 countries have arrested 178 individuals linked to an international credit card fraud ring. Eight of the alleged members were nabbed in the United States.
 

Walking the tightrope: social media and data protection in the enterprise

Mark Menke, chief technology officer, Code Green Networks June 03, 2010

Organizations may want to second-guess a more restrictive strategy on website access and settle on a more pragmatic approach.
 

Heartland, MasterCard settle for $41.4M

May 20, 2010

Heartland Payment Systems and MasterCard have settled for $41.4 million over the payment processor's record-breaking data breach, disclosed in January 2009. Under the settlement, MasterCard issuing banks will be eligible to recoup costs related to reissuing cards and any incidents of fraud consumers may have experienced. For the settlement to be official, banks representing 80 percent of the affected accounts must agree to it by June 25. Heartland and Visa settled for $60 million in January. — DK
 

Five years for Utah man who stole $2M from credit unions

May 03, 2010

A Utah computer consultant was sentenced last week to five years in federal prison for stealing $2 million from several credit unions for which he worked.
 

New Zeus version targeting Firefox users for bank fraud

April 21, 2010

A new version of the data-stealing trojan Zeus is for the first time able to exploit Mozilla's Firefox browser to commit online banking fraud.
 

Certegy to pay $975K, undergo annual security audit

April 19, 2010

Certegy Check Services, which suffered a breach of six million personal records in 2007, has settled with the Florida attorney general's office, the agency announced Friday.
 

Brokerage firm fined $375,000 over breach

April 13, 2010

The Financial Industry Regulatory Authority (FINRA) announced Monday it has fined Montana-based brokerage firm D.A. Davidson & Co. over a December 2007 breach that exposed the personal information of approximately 192,000 customers. The company's database was compromised via SQL injection, allowing attackers to steal the names and Social Security numbers of customers. Prior to the breach, D.A. Davidson did not have adequate safeguards, such as encryption, to protect customer information, FINRA said. A company spokeswoman told SCMagazineUS.com that no clients have fallen victim to ID theft, but the company settled to put the matter behind it. — AM
 

Worries grow over safety of online transactions

April 13, 2010

The number of consumers seriously concerned about the security of online transactions is at its highest level in three years, according to the latest Unisys Security Index, released Tuesday. In the biannual survey of 1,004 consumers, which measures how safe Americans feel regarding national, financial, internet and personal security, 20 percent of respondents were "extremely concerned" about shopping or banking online, up from 16 percent in September 2009. Another 23 percent said they are "very concerned." Meanwhile, identity theft and national security ranked as Americans' top worries, garnering serious concern from 64 and 65 percent of respondents, respectively. — AM
 

N.Y. man gets 37 months for defrauding Schwab clients

April 12, 2010

A New York man has been sentenced to three years in prison for participating in a scam to defraud Charles Schwab banking and brokerage customers.
 

Bank IT admin charged with computer fraud

April 09, 2010

A Bank of America IT worker is expected to plead guilty Tuesday to planting malware on the institution's computers and ATMs, allowing him to fraudulently withdraw thousands of dollars without leaving any record of the transactions. Rodney Reed Caverly, 37, of Charlotte, N.C., allegedly netted more than $5,000 through the scheme, which ran from March to October 2009. Caverly was charged with one count of computer fraud and, if convicted, faces up to five years in prison. — AM
 

Law to allow banks to recoup breach losses

April 05, 2010

A new Washington state law set to go into effect July 1 will allow banks to recoup certain data breach losses from negligent businesses. Under the new law, passed by the state Legislature in late March, financial institutions can seek reimbursement from large retailers and credit card processors that have suffered a data breach — if they failed to comply with the Payment Card Industry Data Security Standard (PCI DSS). The new law is similar to a Minnesota statute passed in 2007. — AM
 

SEC wins judgment against stock options hacker

March 30, 2010

A U.S. District Court has ordered a Ukrainian man to pay $580,000, as well as civil penalties, after he traded stock options based on knowledge he obtained from hacking into the computer network of IMS Health, a company that provides the pharmaceutical industry with sales data and consulting services. According to the federal Securities and Exchange Commission (SEC), Oleksandr Dorozhko purchased 630 "put options," which give the buyer the option to sell at a given price, knowing that IMS Health planned to announce worse-than-expected earnings later that day. Dorozhko made $287,346 by selling the options after the company's stock price dropped 28 percent, the SEC said Monday. — DK
 

Info about 3.3 million student borrowers on stolen device

March 29, 2010

The personal details of some 3.3 million people potentially were compromised when a removable storage device was stolen from a student loan guarantor.
 

Assets frozen for accused pump-and-dumpers

March 17, 2010

A U.S. District Court judge on Monday ordered the assets frozen for a Russian man, his company BroCo Investments and his co-conspirators. The defendants are accused of using stolen credentials to access online brokerage accounts to boost the share prices of thinly traded stocks, according to a U.S. Securities and Exchange Commission complaint. The 36-year-old ringleader, Valery Maltsev, and his cohorts purchased unauthorized stock orders on behalf of the victims, a move that inflated the share prices. Then, the defendants, who personally owned the same stocks, sold their positions at "artificially inflated prices." The scam resulted in $255,532 in ill-gotten gains and was a violation of federal laws, according to the SEC. — DK
 

Newly discovered Zeus spinoff botnet has wide impact

February 18, 2010

The "Kneber" botnet is made up of 74,126 machines from nearly 2,500 organizations that were infected with a variant of Zeus, according to researchers at a network security firm.
 

13 years in prison cometh for the "Iceman" hacker

February 16, 2010

A San Francisco-based hacker accused of stealing and then selling hundreds of thousands of credit card numbers must spend 13 years behind bars, a federal judge has ruled.
 

Critical Infrastructure encounters the most web malware, report

February 11, 2010

Companies in the energy and oil sectors experienced a 356 percent higher rate of data-theft trojans in 2009 compared to other verticals, according to ScanSafe's newly released Global Threat Report.
 

ID theft still on the rise, but victims respond faster

February 10, 2010

Incidents of identity fraud and the total cost of fraud once again climbed last year, but consumers are becoming better equipped to respond to the occurrences of theft, according to a report released Wednesday by Javelin Strategy & Research.
 

New "Bugat" trojan harvesting banking credentials

February 09, 2010

A new banking trojan has arrived on the scene and it uses unique features to steal login information, researchers at SecureWorks said Tuesday.
 

Romanian accused of email address theft pleads guilty

January 15, 2010

Another Romanian citizen has admitted to his role in a massive phishing campaign that delivered fraudulent emails to victims, prosecutors in Connecticut announced Thursday.
 

Heartland settles with Visa; funds to go to issuing banks

January 08, 2010

Breached processor Heartland Payment Systems has agreed to a settlement with Visa worth up to $60 million.
 

Parties agree to settlement over Countrywide data breach

December 29, 2009

A federal judge in Kentucky has granted preliminary approval to settle a class-action lawsuit relating to a data breach that pitted millions of Countrywide Financial customers against the mortgage company.
 

Citibank refutes reported hack by Russian gang

December 22, 2009

Citigroup is denying a report on Tuesday that its systems were breached and tens of millions of dollars stolen.