Brian Krebs links June 30, 2014
P.F. Chang's Breach Likely Began in Sept. 2013 - Brian Krebs - Krebs on Security
These types of breaches are why I use a credit card everywhere I shop. If a breach occurs at a retailer I'd much rather they have access to a credit card, indirect money, than my debit card, which goes directly to my bank account. I have never eaten at P.F. Chang's, so I have nothing to worry about in this instant, but I did shop at Target in December and I'm sure to shop at another place that gets breached. What's disconcerting about this is that we're just now hearing about it when the initial breach occurred nine months. Another good reason to check your transactions on a regular basis.
Oil Co. Wins $350,000 Cyberheist Settlement - Brian Krebs - Krebs on Security
Both the oil company and the bank are pointing fingers at each other for a breach that occurred on the oil company's bank account. Allegedly, an oil company employee feel for a phishing account who just happened to have access to the company's financial account with said bank. The oil company argued that there weren't more security measures in place, while the bank argued that the oil company got malware installed on it's machine. This would have been an interesting one to see in trial, but alas the bank's insurance company cut a check for the money lost.
Car Wash: Card Breaches at Car Washes - Brian Krebs - Krebs on Security
Is no place sacred?
It's really not all that surprising. Compromised and unsecure point-of-sale systems, default admin passwords, etc. The most interesting thing about this story is that street gangs are taking advantage of these breaches as buyers of the stolen credit cards. And the fact that one of the detectives quoted in this article said this:
“Honestly, the fact that we still have bank robberies is sort of perplexing,” he said. “Rob a bank and you’re lucky if you get away with $600. But you can rob a credit card company and all the banks are afraid to have their name associated with a case like this, and they quickly reimburse the victims. And most of the retailers are so afraid of having their name in the press associated with credit card fraud and data breaches that make the job doubly hard for us.”
This post first appeared on Exploring Information Security.