A leading payments industry news source for more than 17 years. Glenbrook curates the news and keeps you abreast of the important daily headlines in payments.

April 5, 2019

On the web

AeroGarden Maker Says Hackers Stole Months of Credit Card Data


“Bad news for home gardeners: criminals might have your credit card data. AeroGrow, the maker of the at-home garden kit AeroGarden, said in a letter to customers that its website had credit card scraping malware for more than four months. The company said anyone who bought something through its website between October 29, 2018 and March 4, 2019 had their credit card number, expiration date and card verification value — also known as a security code — stolen by the malware.”

April 2, 2019

On the web

Stolen Payment Cards For Sale Linked to Breach at Restaurant Operator Earl Enterprises

Digital Transactions

“Mark the latest data breach as another conquest for hackers. Earl Enterprises, owner of the Buca di Beppo, Bertucci’s, Planet Hollywood, and the Earl of Sandwich restaurant chains, among others, said point-of-sale malware captured credit and debit card information from May 23, 2018, through March 18, 2019, at a variety of its locations. Restaurants potentially affected include Buca di Beppo, Earl of Sandwich, Planet Hollywood, Chicken Guy! Mixology, and Tequila Taqueria. In addition to capturing credit and debit card numbers, the malware may have collected expiration dates and cardholder names, Earl Enterprises said in a statement released March 29.”

March 11, 2019

On the web

Researchers who claim to have discovered the Citrix breach say Iran-linked hackers stole at least 6TB of data and may have first gained access 10 years ago

NBC News

“Iranian-backed hackers have stolen vast amounts of data from a major software company that handles sensitive computer projects for the White House communications agency, the U.S. military, the FBI and many American corporations, a cybersecurity firm told NBC News. Citrix Systems Inc. came under attack twice, once in December and again Monday, according to Resecurity, which notified the firm and law enforcement authorities.”

March 5, 2019

On the web

Study: Only 11% Of Consumers Trust Retailers To Handle Data Breaches Properly – Retail TouchPoints

Retail TouchPoints

“Retailers face a significant mistrust issue when it comes to data breaches: only 11% of consumers trust retailers to properly handle data breaches, according to a survey by First Data. High-profile events, such as the HBC data breach that affected as many as 5 million shoppers in 2018, can erode trust across the entire industry. But retailers have many tools to help them build up shoppers’ trust.”

February 22, 2019

On the web

California to Close Data Breach Notification Loopholes Under New Law


“The golden state’s attorney general Xavier Becerra announced a new bill Thursday that aims to close loopholes in its existing data breach notification laws by expanding the requirements for companies to notify users or customers if their passport and government ID numbers, along with biometric data, such as fingerprints, and iris and facial recognition scans, have been stolen.”

February 14, 2019

On the web

February 13, 2019

On the web

January 29, 2019

Top Post

January 24, 2019

On the web

Millions of bank loan and mortgage documents have leaked online


“A trove of more than 24 million financial and banking documents, representing tens of thousands of loans and mortgages from some of the biggest banks in the U.S., has been found online after a server security lapse. The server, running an Elasticsearch database, had more than a decade’s worth of data, containing loan and mortgage agreements, repayment schedules and other highly sensitive financial and tax documents that reveal an intimate insight into a person’s financial life.”

January 17, 2019

On the web

January 4, 2019

On the web

Marriott Says Hackers Swiped Millions of Passport Numbers

Wall Street Journal (paywall)

“Marriott International Inc. said fewer customers were affected in a massive data breach than initially feared but confirmed that hackers had compromised the passport numbers of millions of people in what security analysts have described as a potential foreign-intelligence gold mine. Marriott, the world’s largest hotel company, disclosed in November that a hack in the reservation database for its Starwood properties may have exposed the personal information of up to 500 million guests.”

December 19, 2018

On the web

December 12, 2018

On the web

The 21 biggest data breaches of 2018

Business Insider

“It seems like every week, a new company has to notify its customers that their data may have been compromised, and personal information may have been affected. Data breaches can happen for a variety of reasons. Some companies are hacked. Data can be mishandled or sold to third parties. Holes in a website’s security system can leave information unprotected. One of the latest victims was Marriott hotels, which recently revealed that hackers had accessed the information of an estimated 500 million customers.”

December 4, 2018

On the web

Hackers breach Quora.com and steal password data for 100 million users

Ars Technica

“Compromised information includes cryptographically protected passwords, full names, email addresses, data imported from linked networks, and a variety of non-public content and actions, including direct messages, answer requests, and downvotes. The breached data also included public content and actions, such as questions, answers, comments, and upvotes.”

December 3, 2018

On the web

HSBC Bank Alerts US Customers to Data Breach

Bank Info Security

“HSBC Bank is warning some of its U.S. customers that their personal data was compromised in a breach, although it says it’s detected no signs of fraud. The data breach affects only the U.S. operations of London-based HSBC, which is the world’s seventh largest bank and the biggest in Europe. HSBC says the breach appeared to run from Oct. 4 to Oct. 14. After spotting the breach, the bank says in a notification announcement, it “suspended online access to prevent further unauthorized entry” to affected accounts.”

November 29, 2018

On the web

Credit bureau TransUnion urged to tighten online security after local newspaper says it easily obtained data on Hong Kong Chief Executive Carrie Lam and Financial Secretary Paul Chan

Yahoo News

“Hong Kong’s Monetary Authority and privacy watchdog have called on major international credit bureau TransUnion to improve its online authentication procedures after a local newspaper claimed it could easily access the personal credit files of public figures in the city, including Chief Executive Carrie Lam Cheng Yuet-ngor and Financial Secretary Paul Chan Mo-po. According to its website, TransUnion maintains credit records on 5.4 million consumers in the city and 500 million consumers and businesses worldwide.”

November 7, 2018

On the web

‘Almost all’ Pakistani banks hit by hackers


“FIA director Mohammad Shoaib told local media about the breach shortly after cybersecurity firm Group-IB warned that a dump of Pakistani credit and debit card details has been doing the rounds of carder forums. According to Geo News, six banks have suspended the use of their debit cards outside of Pakistan. Last week, hackers got away with at least Rs2.6 million from Bank Islami accounts.”

November 2, 2018

On the web

Private messages from 81,000 hacked Facebook accounts for sale


“Hackers appear to have compromised and published private messages from at least 81,000 Facebook users’ accounts. The perpetrators told the BBC Russian Service that they had details from a total of 120 million accounts, which they were attempting to sell, although there are reasons to be skeptical about that figure.”

October 12, 2018

On the web

October 8, 2018

On the web

October 5, 2018

Top Post

October 3, 2018

On the web

Facebook Login Update


“Any developer using our official Facebook SDKs — and all those that have regularly checked the validity of their users’ access tokens – were automatically protected when we reset people’s access tokens. However, out of an abundance of caution, as some developers may not use our SDKs — or regularly check whether Facebook access tokens are valid — we’re building a tool to enable developers to manually identify the users of their apps who may have been affected, so that they can log them out.”

September 28, 2018

On the web

Facebook Data Breach – 50 Million Accounts

“On the afternoon of Tuesday, September 25, our engineering team discovered a security issue affecting almost 50 million accounts. We’re taking this incredibly seriously and wanted to let everyone know what’s happened and the immediate action we’ve taken to protect people’s security.”

September 25, 2018

On the web

September 20, 2018

On the web

September 19, 2018

On the web

Hackers stole customer credit cards in Newegg data breach


“Hackers injected 15 lines of card skimming code on the online retailer’s payments page which remained for more than a month between August 14 and September 18, Yonathan Klijnsma, a threat researcher at RiskIQ, told TechCrunch. The code siphoned off credit card data from unsuspecting customers to a server controlled by the hackers with a similar domain name — likely to avoid detection. The server even used an HTTPS certificate to blend in.”

September 18, 2018

On the web

GovPayNow.com Leaks 14M+ Records

Krebs on Security

“Government Payment Service Inc. — a company used by thousands of U.S. state and local governments to accept online payments for everything from traffic citations and licensing fees to bail payments and court-ordered fines — has leaked more than 14 million customer records dating back at least six years, including names, addresses, phone numbers and the last four digits of the payer’s credit card.”

September 7, 2018

On the web

August 30, 2018

On the web

August 3, 2018

On the web

Credit Card Issuer TCM Bank Leaked Applicant Data For 16 Months

Krebs on Security

“TCM Bank, a company that helps more than 750 small and community U.S. banks issue credit cards to their account holders, said a Web site misconfiguration exposed the names, addresses, dates of birth and Social Security numbers of thousands of people who applied for cards between early March 2017 and mid-July 2018. TCM is a subsidiary of Washington, D.C.-based ICBA Bancard Inc., which helps community banks provide a credit card option to their customers using bank-branded cards. In a letter being mailed to affected customers today, TCM said the information exposed was data that card applicants uploaded to a Web site managed by a third party vendor. TCM said it learned of the issue on July 16, 2018, and had the problem fixed by the following day.”
