Another Company Falls Victim
Stratfor Global Intelligence has released information regarding a breach of its data. Reports indicate that Anonymous has struck again and managed to obtain a large amount of personal data, reportedly including credit card numbers, from the company's client data file. The mind-boggling part is that the data, including the card numbers, was stored in plain text. Keeping full card numbers readable at rest is exactly what PCI DSS Requirement 3 forbids; a merchant that has to keep cards on file should hold them encrypted in a separate vault, or better, keep only a token from its processor and no card number at all. More information, including the letter from the company, can be reviewed at:
http://www.zerohedge.com/news/stratfor-hacked-200gb-emails-credit-cards-stolen-client-list-released-includes-mf-global-rockef
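To make the contrast concrete, here is an added example that is not part of the original diary and not code Stratfor ran: a client record that carries the card number in the clear next to one that carries only a random vault token and the last four digits, with a separate vault holding the PAN under AES-GCM. The `tok_` token format, the in-memory key and the sample card number (a well-known test number) are assumptions for the illustration; in production the key lives in an HSM or KMS and the vault sits behind its own access control, so a dump of the client table yields nothing usable.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"regexp"
)

// The breached design: the full card number lives in the client record,
// so whoever dumps the client table has every PAN in the clear.
type PlaintextClient struct {
	Name string
	PAN  string
}

// Hardened design: the client record holds a random vault token and the
// display-safe last four digits, never the PAN itself.
type Client struct {
	Name     string
	Token    string
	LastFour string
}

var panPattern = regexp.MustCompile(`^[0-9]{13,19}$`)

// Vault is the only component that ever sees a PAN. Its key would live in
// an HSM or KMS in production; here it is an in-memory key (assumption).
type Vault struct {
	aead  cipher.AEAD
	store map[string][]byte // token -> nonce || AES-GCM ciphertext
}

func NewVault(key []byte) (*Vault, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Vault{aead: aead, store: map[string][]byte{}}, nil
}

// Tokenize encrypts the PAN and returns an opaque token for the client
// record. The token is bound in as GCM additional data, so a ciphertext
// copied under another token fails authentication on retrieval.
func (v *Vault) Tokenize(pan string) (token, lastFour string, err error) {
	if !panPattern.MatchString(pan) {
		return "", "", errors.New("PAN must be 13-19 digits")
	}
	tb := make([]byte, 16)
	if _, err := rand.Read(tb); err != nil {
		return "", "", err
	}
	token = "tok_" + hex.EncodeToString(tb)
	nonce := make([]byte, v.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", "", err
	}
	ct := v.aead.Seal(nil, nonce, []byte(pan), []byte(token))
	v.store[token] = append(nonce, ct...)
	return token, pan[len(pan)-4:], nil
}

// Detokenize is the privileged path (the call to the payment processor),
// not something the client-facing application gets to invoke.
func (v *Vault) Detokenize(token string) (string, error) {
	blob, ok := v.store[token]
	if !ok {
		return "", errors.New("unknown token")
	}
	ns := v.aead.NonceSize()
	pt, err := v.aead.Open(nil, blob[:ns], blob[ns:], []byte(token))
	if err != nil {
		return "", err // tampered blob or mismatched token/ciphertext pair
	}
	return string(pt), nil
}

// Dump shows what an attacker who copies the hardened client table gets.
func Dump(c Client) string {
	return fmt.Sprintf("%s token=%s last4=%s", c.Name, c.Token, c.LastFour)
}

func main() {
	key := make([]byte, 32)
	rand.Read(key)
	v, _ := NewVault(key)
	// Constructed sample: a standard test card number, not real data.
	tok, last4, err := v.Tokenize("4111111111111111")
	if err != nil {
		panic(err)
	}
	c := Client{Name: "Example Client", Token: tok, LastFour: last4}
	fmt.Println(Dump(c))
	pan, _ := v.Detokenize(tok)
	fmt.Println("vault returns", pan)
}
```

The point of the split is that the client record, the part that gets exfiltrated in a breach like this one, contains nothing a card-not-present fraudster can use; recovering a PAN needs both the vault store and the key, which should never sit on the same host as the application database.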
Deb Hale
Keywords: Stratfor
8 comment(s)
Comments
Steven
Dec 27th 2011
1 decade ago
bgc
Dec 27th 2011
1 decade ago
They should have been more prepared. CC #’s in plain text, I mean come on….
Solinus
Dec 27th 2011
1 decade ago
Frankly, it'll serve them right when they are facing litigation by their injured clients, whose PII and credit card information was compromised as thoroughly as if they posted it on the open internet themselves.
BGC, not a LOT of criminal law would impact Stratfor, but plenty of CIVIL law will most certainly come to bear. Think of it in this way: You take your significant other's diamond ring to a jeweler for cleaning and repair. The jeweler fails to lock up the jewelry or even to close the door when closing for the evening.
That is essentially what happened here, a contemptible failure of due care and due diligence.
Fortunately, I've changed credit cards since my subscription with them lapsed!
Wzrd1
Dec 27th 2011
1 decade ago
And if you do 5.9 million of Visa and 5.9 million of MasterCard annually, you still do not have to prove you're compliant; you just have to fill out the form. And that's only if your card processor even asks you for it.
The processors are the ones who get fined and they have contracts saying they can pass the fines on to the merchant. So unless the merchant goes out of business, the processor might not even care.
JJ
Dec 27th 2011
1 decade ago
A recent court case may change that because it ruled that their loss of time in remediating the issue was an actual injury.
Because the criminals allegedly actually used the stolen card numbers to make charitable donations, there are going to be a lot more people who have to take action to get their funds recovered.
Hmmm, based on the timing of the "contribution" I wonder if a victim can claim it on their 2011 tax return even if they later get reimbursed?
JJ
Dec 27th 2011
1 decade ago
The only reason we have PCI is because of big bad companies storing credit card numbers, and the fact that credit card numbers are reusable. Just make all CC numbers one-time use only, or require that they are used together with a one-time key. And do away with the magstripe. Scandinavia is 98% chip based cards now.
As it is, we need to spend lots of money, and as it looks, we need to replace every one of our thousands of terminals/pinpads every 3 years.
Make the standard good, and do away with 3DES (they can't, banks can't afford to upgrade to strong encryption, and they don't care about retailers).
P..
Dec 28th 2011
1 decade ago
Personally I don't like risk-based standards very much because way too often it comes down to some manager thinking "I don't understand this, it won't help my sales, it will hurt my expenses and I am not going to deal with this." and saying out loud "We think this is a low risk and we accept that risk." This thinking prevails in large and small companies.
Chip-based cards still need a way to work over the Internet. And no ATM that I know of accepts chip-and-PIN even in Europe. So they still have mag stripes for ATMs.
Personally I use Discover Card's "online secure account" numbers every chance I get. A unique number is generated and once it's used at a particular vendor it cannot be used at another vendor. If some criminal can figure out how to steal my online card number and get that vendor to process the charge, well, Merry Christmas to them.
But until losses are no longer a cost of doing business, this problem will continue. I work for a regional bank and when we contact some of the major banks on fraud issues, they won't even talk to us about investigating it unless the one-time-loss is over $15,000. They just reimburse us.
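The one-time numbers JJ asks for and the merchant-locked numbers P.. describes (Discover's "online secure account" numbers) can both be shown from the issuer's side. This is an added example, not code from the diary or from any card issuer: the `999900` BIN prefix, the lock-on-first-use and single-use rules, the merchant identifiers and the revoke operation are assumptions made for the illustration; only the Luhn check digit follows the standard card-number format.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
	"math/big"
	"strings"
)

// issuerBIN is a constructed 6-digit prefix for the example, not a real BIN.
const issuerBIN = "999900"

// luhnCheckDigit returns the digit that makes payload+digit pass Luhn.
// The rightmost payload digit is doubled, as it will be second from the
// right once the check digit is appended.
func luhnCheckDigit(payload string) byte {
	sum, double := 0, true
	for i := len(payload) - 1; i >= 0; i-- {
		d := int(payload[i] - '0')
		if double {
			d *= 2
			if d > 9 {
				d -= 9
			}
		}
		sum += d
		double = !double
	}
	return byte('0' + (10-sum%10)%10)
}

// LuhnValid reports whether a full card number passes the Luhn check.
func LuhnValid(pan string) bool {
	if len(pan) < 2 {
		return false
	}
	for _, c := range pan {
		if c < '0' || c > '9' {
			return false
		}
	}
	return luhnCheckDigit(pan[:len(pan)-1]) == pan[len(pan)-1]
}

type VirtualCard struct {
	Customer string
	Merchant string // empty until the first successful authorization
	OneTime  bool   // JJ's variant: valid for exactly one charge
	Used     bool
}

// Issuer holds the virtual numbers; a stolen number is worthless at any
// merchant other than the one it was first used at.
type Issuer struct {
	cards map[string]*VirtualCard // virtual PAN -> binding
}

func NewIssuer() *Issuer { return &Issuer{cards: map[string]*VirtualCard{}} }

// Issue mints a 16-digit virtual PAN: BIN + 9 random digits + Luhn digit.
func (is *Issuer) Issue(customer string, oneTime bool) (string, error) {
	var sb strings.Builder
	sb.WriteString(issuerBIN)
	for i := 0; i < 9; i++ {
		n, err := rand.Int(rand.Reader, big.NewInt(10))
		if err != nil {
			return "", err
		}
		sb.WriteByte(byte('0' + n.Int64()))
	}
	payload := sb.String()
	pan := payload + string(luhnCheckDigit(payload))
	if _, dup := is.cards[pan]; dup {
		return is.Issue(customer, oneTime) // collision: draw again
	}
	is.cards[pan] = &VirtualCard{Customer: customer, OneTime: oneTime}
	return pan, nil
}

var (
	ErrBadCheck      = errors.New("declined: failed Luhn check")
	ErrUnknownCard   = errors.New("declined: unknown card")
	ErrUsed          = errors.New("declined: one-time number already used")
	ErrWrongMerchant = errors.New("declined: number is locked to another merchant")
)

// Authorize applies lock-on-first-use: the first merchant to charge the
// number owns it, every other merchant is declined, and a one-time number
// dies after its first charge.
func (is *Issuer) Authorize(pan, merchant string) error {
	if !LuhnValid(pan) {
		return ErrBadCheck
	}
	card, ok := is.cards[pan]
	if !ok {
		return ErrUnknownCard
	}
	if card.OneTime && card.Used {
		return ErrUsed
	}
	switch {
	case card.Merchant == "":
		card.Merchant = merchant
	case card.Merchant != merchant:
		return ErrWrongMerchant
	}
	card.Used = true
	return nil
}

// Revoke kills one virtual number without reissuing the underlying account.
func (is *Issuer) Revoke(pan string) { delete(is.cards, pan) }

func main() {
	is := NewIssuer()
	pan, _ := is.Issue("cust-1", false)
	fmt.Println(pan, "shop-a:", is.Authorize(pan, "shop-a"))
	fmt.Println(pan, "shop-b:", is.Authorize(pan, "shop-b"))
}
```

Because the binding lives at the issuer, a merchant breach like the one in the diary leaks numbers that only work at that same merchant, and the cardholder can revoke them one at a time instead of replacing the physical card.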
JJ
Dec 28th 2011
1 decade ago