Feeds

Biggest online credit card heist leaked to MSNBC

Yank whistle-blower overlooks The Reg, but we're not bitter

  • alert
  • submit to reddit

Bridging the IT gap between rising business demands and ageing tools

An unknown network intruder stole details of nearly a half million credit card accounts from an e-commerce site and tauntingly stored them on a US government computer, MSNBC reports. Credit card companies notified financial institutions, but many of the compromised accounts remain open because the banks neither closed them nor notified customers of the theft, the news service says. The theft occurred over a year ago, but only a few whispers have thus far been made public. The crime is mentioned in a letter dated 27 December from Visa USA to its member financial institutions. US Secret Service spokesman Jim Macken confirmed that the incident had occurred and added a few details in an interview with MSNBC on Thursday. "This government Web administrator noticed that a lot of the memory was chewed up for no reason, so he checked and found the file," Macken said. There was no evidence that any of the cards have been used fraudulently, he added. The letter leaked to MSNBC said that authorities had not identified the thief, but Macken said investigators have since traced the criminal to Eastern Europe. The investigation is continuing and involves diplomatic contacts with the country in question, he said. The Internet retail site from which the data was stolen has also been identified, but Macken declined to name it. MSNBC originally received a copy of the letter from an employee at the Navy Federal Credit Union, quoting federal authorities saying that the credit card information including expiration dates and cardholder names and addresses was stolen from an un-named Internet retail site by an intruder. Officials at the credit union took no action to warn customers whose account numbers were among those stolen, said the whistle blower. Instead, they ordered a spot check of 50 to 100 accounts and then decided that no further action was necessary, according to the source. The source said the credit union followed the same procedure two weeks later, when Visa alerted the institution of a separate theft of data on 300,000 credit cards from the CD Universe Web site -- the biggest theft of credit card data over the Internet previously made public. "It was decided that....it would be too much of an inconvenience and too costly to shut down the accounts and issue new numbers," said the source. "It was deemed not the credit union’s responsibility." Green Wall of Silence A spokeswoman for the credit union declined to return MSNBC's calls Thursday. Calls to American Express and several banks seeking information on their response when notified of the theft also went unanswered. Scott Lynch, a spokesman for Visa USA, told MSNBC he could not comment on the case. Alicia Zatkowski, a spokeswoman for Discover Financial Services, said the firm’s fraud investigators were not aware of such a case. Vincent DeLuca, vice president of fraud control at MasterCard International, said, "We are aware of some cases but we’re not at liberty to talk about any ongoing investigations." Several financial institutions ordered the replacement of cards that were compromised in the recent CD Universe case, also currently under investigation. Such replacement programs are normally well publicised in an effort to reassure consumers, MSNBC notes. Such wholesale compromises, on the other hand, are usually kept as tightly-guarded as possible, lest customers learn how poorly their personal data is protected by most commercial Web sites. We wonder how many other such incidents have yet to be revealed. Perhaps this outrageous incident will convince our elected officials that it's time for retail Web sites to be held accountable for their blunders. The current emphasis on expanded online law-enforcement is doomed. Only a trivial number of malicious intruders will ever be caught; indeed, not a single foreign intruder known to have compromised credit card information stored on US servers ever has been. US House Commerce Committee Chairman Thomas Bliley (Republican, Virginia) summed up the US Government's Pollyannaish view of e-commerce when he called it "the goose that lays the golden eggs" during a recent Internet conference at George Mason University. But the golden goose is already shaping up as an irresponsible little honking dictator. It will only get worse if e-commerce is allowed to continue developing without accountability. E-commerce demands tax exemptions; it demands a suspension of the normal rules of customer privacy protection; it demands self-regulation and market-driven solutions to all its various follies. Then it has its under-protected servers whacked by some fifteen-year-old script kiddie, and goes whingeing to the Secret Service or the FBI. It's not merely an ethical issue; it's practical as well. The outrages will continue -- and largely in secret -- until the dot.coms are forced, like the rest of us, to pay for their mistakes. ®

Build a business case: developing custom apps

More from The Register

next story
BBC goes offline in MASSIVE COCKUP: Stephen Fry partly muzzled
Auntie tight-lipped as major outage rolls on
iPad? More like iFAD: We reveal why Apple ran off to IBM
But never fear fanbois, you're still lapping up iPhones, Macs
Nadella: Apps must run on ALL WINDOWS – PCs, slabs and mobes
Phone egg, meet desktop chicken - your mother
HP, Microsoft prove it again: Big Business doesn't create jobs
SMEs get lip service - what they need is dinner at the Club
ITC: Seagate and LSI can infringe Realtek patents because Realtek isn't in the US
Land of the (get off scot) free, when it's a foreign owner
Samsung threatens to cut ties with supplier over child labour allegations
Vows to uphold 'zero tolerance' policy on underage workers
Dude, you're getting a Dell – with BITCOIN: IT giant slurps cryptocash
1. Buy PC with Bitcoin. 2. Mine more coins. 3. Goto step 1
There's NOTHING on TV in Europe – American video DOMINATES
Even France's mega subsidies don't stop US content onslaught
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
prev story

Whitepapers

Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.