Feeds

Biggest online credit card heist leaked to MSNBC

Yank whistle-blower overlooks The Reg, but we're not bitter

  • alert
  • submit to reddit

5 things you didn’t know about cloud backup

An unknown network intruder stole details of nearly a half million credit card accounts from an e-commerce site and tauntingly stored them on a US government computer, MSNBC reports. Credit card companies notified financial institutions, but many of the compromised accounts remain open because the banks neither closed them nor notified customers of the theft, the news service says. The theft occurred over a year ago, but only a few whispers have thus far been made public. The crime is mentioned in a letter dated 27 December from Visa USA to its member financial institutions. US Secret Service spokesman Jim Macken confirmed that the incident had occurred and added a few details in an interview with MSNBC on Thursday. "This government Web administrator noticed that a lot of the memory was chewed up for no reason, so he checked and found the file," Macken said. There was no evidence that any of the cards have been used fraudulently, he added. The letter leaked to MSNBC said that authorities had not identified the thief, but Macken said investigators have since traced the criminal to Eastern Europe. The investigation is continuing and involves diplomatic contacts with the country in question, he said. The Internet retail site from which the data was stolen has also been identified, but Macken declined to name it. MSNBC originally received a copy of the letter from an employee at the Navy Federal Credit Union, quoting federal authorities saying that the credit card information including expiration dates and cardholder names and addresses was stolen from an un-named Internet retail site by an intruder. Officials at the credit union took no action to warn customers whose account numbers were among those stolen, said the whistle blower. Instead, they ordered a spot check of 50 to 100 accounts and then decided that no further action was necessary, according to the source. The source said the credit union followed the same procedure two weeks later, when Visa alerted the institution of a separate theft of data on 300,000 credit cards from the CD Universe Web site -- the biggest theft of credit card data over the Internet previously made public. "It was decided that....it would be too much of an inconvenience and too costly to shut down the accounts and issue new numbers," said the source. "It was deemed not the credit union’s responsibility." Green Wall of Silence A spokeswoman for the credit union declined to return MSNBC's calls Thursday. Calls to American Express and several banks seeking information on their response when notified of the theft also went unanswered. Scott Lynch, a spokesman for Visa USA, told MSNBC he could not comment on the case. Alicia Zatkowski, a spokeswoman for Discover Financial Services, said the firm’s fraud investigators were not aware of such a case. Vincent DeLuca, vice president of fraud control at MasterCard International, said, "We are aware of some cases but we’re not at liberty to talk about any ongoing investigations." Several financial institutions ordered the replacement of cards that were compromised in the recent CD Universe case, also currently under investigation. Such replacement programs are normally well publicised in an effort to reassure consumers, MSNBC notes. Such wholesale compromises, on the other hand, are usually kept as tightly-guarded as possible, lest customers learn how poorly their personal data is protected by most commercial Web sites. We wonder how many other such incidents have yet to be revealed. Perhaps this outrageous incident will convince our elected officials that it's time for retail Web sites to be held accountable for their blunders. The current emphasis on expanded online law-enforcement is doomed. Only a trivial number of malicious intruders will ever be caught; indeed, not a single foreign intruder known to have compromised credit card information stored on US servers ever has been. US House Commerce Committee Chairman Thomas Bliley (Republican, Virginia) summed up the US Government's Pollyannaish view of e-commerce when he called it "the goose that lays the golden eggs" during a recent Internet conference at George Mason University. But the golden goose is already shaping up as an irresponsible little honking dictator. It will only get worse if e-commerce is allowed to continue developing without accountability. E-commerce demands tax exemptions; it demands a suspension of the normal rules of customer privacy protection; it demands self-regulation and market-driven solutions to all its various follies. Then it has its under-protected servers whacked by some fifteen-year-old script kiddie, and goes whingeing to the Secret Service or the FBI. It's not merely an ethical issue; it's practical as well. The outrages will continue -- and largely in secret -- until the dot.coms are forced, like the rest of us, to pay for their mistakes. ®

5 things you didn’t know about cloud backup

More from The Register

next story
BBC: We're going to slip CODING into kids' TV
Pureed-carrot-in-ice cream C++ surprise
6 Obvious Reasons Why Facebook Will Ban This Article (Thank God)
Clampdown on clickbait ... and El Reg is OK with this
Twitter: La la la, we have not heard of any NUDE JLaw, Upton SELFIES
If there are any on our site it is not our fault as we are not a PUBLISHER
Facebook, Google and Instagram 'worse than drugs' says Miley Cyrus
Italian boffins agree with popette's theory that haters are the real wrecking balls
Sit tight, fanbois. Apple's '$400' wearable release slips into early 2015
Sources: time to put in plenty of clock-watching for' iWatch
Facebook to let stalkers unearth buried posts with mobe search
Prepare to HAUNT your pal's back catalogue
Ex-IBM CEO John Akers dies at 79
An era disrupted by the advent of the PC
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?