A leading payments industry news source for more than 17 years. Glenbrook curates the news and keeps you abreast of the important daily headlines in payments.
April 5, 2019
On the web
AeroGarden Maker Says Hackers Stole Months of Credit Card Data
TechCrunch
“Bad news for home gardeners: criminals might have your credit card data. AeroGrow, the maker of the at-home garden kit AeroGarden, said in a letter to customers that its website had credit card scraping malware for more than four months. The company said anyone who bought something through its website between October 29, 2018 and March 4, 2019 had their credit card number, expiration date and card verification value — also known as a security code — stolen by the malware.”
April 2, 2019
On the web
Stolen Payment Cards For Sale Linked to Breach at Restaurant Operator Earl Enterprises
Digital Transactions
“Mark the latest data breach as another conquest for hackers. Earl Enterprises, owner of the Buca di Beppo, Bertucci’s, Planet Hollywood, and the Earl of Sandwich restaurant chains, among others, said point-of-sale malware captured credit and debit card information from May 23, 2018, through March 18, 2019, at a variety of its locations. Restaurants potentially affected include Buca di Beppo, Earl of Sandwich, Planet Hollywood, Chicken Guy! Mixology, and Tequila Taqueria. In addition to capturing credit and debit card numbers, the malware may have collected expiration dates and cardholder names, Earl Enterprises said in a statement released March 29.”
March 11, 2019
On the web
Researchers who claim to have discovered the Citrix breach say Iran-linked hackers stole at least 6TB of data and may have first gained access 10 years ago
NBC News
“Iranian-backed hackers have stolen vast amounts of data from a major software company that handles sensitive computer projects for the White House communications agency, the U.S. military, the FBI and many American corporations, a cybersecurity firm told NBC News. Citrix Systems Inc. came under attack twice, once in December and again Monday, according to Resecurity, which notified the firm and law enforcement authorities.”
March 5, 2019
On the web
Study: Only 11% Of Consumers Trust Retailers To Handle Data Breaches Properly
Retail TouchPoints
“Retailers face a significant mistrust issue when it comes to data breaches: only 11% of consumers trust retailers to properly handle data breaches, according to a survey by First Data. High-profile events, such as the HBC data breach that affected as many as 5 million shoppers in 2018, can erode trust across the entire industry. But retailers have many tools to help them build up shoppers’ trust.”
February 22, 2019
On the web
California to Close Data Breach Notification Loopholes Under New Law
TechCrunch
“The golden state’s attorney general Xavier Becerra announced a new bill Thursday that aims to close loopholes in its existing data breach notification laws by expanding the requirements for companies to notify users or customers if their passport and government ID numbers, along with biometric data, such as fingerprints, and iris and facial recognition scans, have been stolen.”
February 14, 2019
On the web
The stolen Equifax data has never been found, and experts suspect a spy scheme
CNBC
“But as the investigations continue, a consensus is starting to emerge to explain why the data has disappeared from sight. Most experts familiar with the case now believe that the thieves were working for a foreign government and are using the information not for financial gain, but to try to identify and recruit spies.”
February 13, 2019
On the web
620 million accounts stolen from 16 hacked websites now for sale on dark web, seller boasts
The Register
“Sample account records from the multi-gigabyte databases seen by The Register appear to be legit: they consist mainly of account holder names, email addresses, and passwords. These passwords are hashed, or one-way encrypted, and must therefore be cracked before they can be used.”
January 29, 2019
Top Post
Data Breaches Fell in 2018, But Records Exposed More Than Doubled, Non-Profit Reports
Digital Transactions
“The San Diego-based non-profit and partner CyberScout LLC, a data-security services provider, say 2018 saw 1,244 data breaches compared with 1,632 the year before. But 446.5 million business, education, payment card, financial, health-care, and other records with personally identifying information were compromised, a 126% increase from 197.6 million in 2017.”
January 24, 2019
On the web
Millions of bank loan and mortgage documents have leaked online
TechCrunch
“A trove of more than 24 million financial and banking documents, representing tens of thousands of loans and mortgages from some of the biggest banks in the U.S., has been found online after a server security lapse. The server, running an Elasticsearch database, had more than a decade’s worth of data, containing loan and mortgage agreements, repayment schedules and other highly sensitive financial and tax documents that reveal an intimate insight into a person’s financial life.”
January 17, 2019
On the web
Another huge database exposed millions of call logs and SMS text messages
TechCrunch
“If you thought you’d heard this story before, you’re not wrong. Back in November, another telecoms company, Voxox, exposed a database containing millions of text messages — including password resets and two-factor codes. This time around, it’s a different company: Voipo, a Lake Forest, Calif. communications provider, exposed tens of gigabytes worth of customer data.”
January 4, 2019
On the web
Marriott Says Hackers Swiped Millions of Passport Numbers
Wall Street Journal (paywall)
“Marriott International Inc. said fewer customers were affected in a massive data breach than initially feared but confirmed that hackers had compromised the passport numbers of millions of people in what security analysts have described as a potential foreign-intelligence gold mine. Marriott, the world’s largest hotel company, disclosed in November that a hack in the reservation database for its Starwood properties may have exposed the personal information of up to 500 million guests.”
December 19, 2018
On the web
Hackers Breach Dozens of Local Government Payment Portals to Steal Credit Card Data
Fortune
“Paying parking tickets or municipal water taxes is never fun—and it’s even worse when hackers have compromised your town’s payment system. Yet, that’s what happened in dozens of towns across the U.S. where cyber crooks have made off with the personal data of nearly 300,000 people.”
December 12, 2018
On the web
The 21 biggest data breaches of 2018
Business Insider
“It seems like every week, a new company has to notify its customers that their data may have been compromised, and personal information may have been affected. Data breaches can happen for a variety of reasons. Some companies are hacked. Data can be mishandled or sold to third parties. Holes in a website’s security system can leave information unprotected. One of the latest victims was Marriott hotels, which recently revealed that hackers had accessed the information of an estimated 500 million customers.”
December 4, 2018
On the web
Hackers breach Quora.com and steal password data for 100 million users
Ars Technica
“Compromised information includes cryptographically protected passwords, full names, email addresses, data imported from linked networks, and a variety of non-public content and actions, including direct messages, answer requests, and downvotes. The breached data also included public content and actions, such as questions, answers, comments, and upvotes.”
December 3, 2018
On the web
HSBC Bank Alerts US Customers to Data Breach
Bank Info Security
“HSBC Bank is warning some of its U.S. customers that their personal data was compromised in a breach, although it says it’s detected no signs of fraud. The data breach affects only the U.S. operations of London-based HSBC, which is the world’s seventh largest bank and the biggest in Europe. HSBC says the breach appeared to run from Oct. 4 to Oct. 14. After spotting the breach, the bank says in a notification announcement, it “suspended online access to prevent further unauthorized entry” to affected accounts.”
November 29, 2018
On the web
Credit bureau TransUnion urged to tighten online security after local newspaper says it easily obtained data on Hong Kong Chief Executive Carrie Lam and Financial Secretary Paul Chan
Yahoo News
“Hong Kong’s Monetary Authority and privacy watchdog have called on major international credit bureau TransUnion to improve its online authentication procedures after a local newspaper claimed it could easily access the personal credit files of public figures in the city, including Chief Executive Carrie Lam Cheng Yuet-ngor and Financial Secretary Paul Chan Mo-po. According to its website, TransUnion maintains credit records on 5.4 million consumers in the city and 500 million consumers and businesses worldwide.”
November 7, 2018
On the web
‘Almost all’ Pakistani banks hit by hackers
Finextra
“FIA director Mohammad Shoaib told local media about the breach shortly after cybersecurity firm Group-IB warned that a dump of Pakistani credit and debit card details has been doing the rounds of carder forums. According to Geo News, six banks have suspended the use of their debit cards outside of Pakistan. Last week, hackers got away with at least Rs2.6 million from Bank Islami accounts.”
November 2, 2018
On the web
Private messages from 81,000 hacked Facebook accounts for sale
BBC
“Hackers appear to have compromised and published private messages from at least 81,000 Facebook users’ accounts. The perpetrators told the BBC Russian Service that they had details from a total of 120 million accounts, which they were attempting to sell, although there are reasons to be skeptical about that figure.”
October 12, 2018
On the web
Facebook Says Hackers Stole Detailed Personal Data From 14 Million People
Bloomberg
“Facebook Inc. said intimate information, including search results, recent locations and hometowns, were stolen from 14 million users by attackers in a major hack of the social network disclosed two weeks ago.”
October 8, 2018
On the web
Google+ to shut down after coverup of data-exposing bug
TechCrunch
“Google is about to have its Cambridge Analytica moment. A security bug allowed third-party developers to access Google+ user profile data since 2015 until Google discovered and patched it in March, but decided not to inform the world.”
October 5, 2018
Top Post
North Korean hackers tied to massive global theft
Politico
“Over the past several years, North Korea has continued to perfect its hacker armies that have carried out some of the most devastating digital attacks around the world. Last month, the Justice Department unsealed charges against Park Jin Hyok for his part in the 2014 Sony Pictures hack as well as for aiding in the Bangladesh theft and the damaging WannaCry malware outbreak.”
October 3, 2018
On the web
Facebook Login Update
“Any developer using our official Facebook SDKs — and all those that have regularly checked the validity of their users’ access tokens – were automatically protected when we reset people’s access tokens. However, out of an abundance of caution, as some developers may not use our SDKs — or regularly check whether Facebook access tokens are valid — we’re building a tool to enable developers to manually identify the users of their apps who may have been affected, so that they can log them out.”
September 28, 2018
On the web
Facebook Data Breach – 50 Million Accounts
“On the afternoon of Tuesday, September 25, our engineering team discovered a security issue affecting almost 50 million accounts. We’re taking this incredibly seriously and wanted to let everyone know what’s happened and the immediate action we’ve taken to protect people’s security.”
September 25, 2018
On the web
2018 Payment Security Report
Verizon Communications
“Lack of sustainable control environments remains a top contributor and precursor to ineffective controls, which in turn become susceptible to data breaches. Organizations achieve sustainable PCI Security compliance when they demonstrate a consistent capability to maintain ongoing operation of all required security controls within their compliance environment.”
September 20, 2018
On the web
Equifax fined by ICO over data breach that hit Britons
BBC
“Credit rating agency Equifax is to be fined £500,000 by the Information Commissioner’s Office (ICO) after it failed to protect the personal data of 15 million Britons. A 2017 cyber-attack exposed information belonging to 146 million people around the world, mostly in the US.”
September 19, 2018
On the web
Hackers stole customer credit cards in Newegg data breach
TechCrunch
“Hackers injected 15 lines of card skimming code on the online retailer’s payments page which remained for more than a month between August 14 and September 18, Yonathan Klijnsma, a threat researcher at RiskIQ, told TechCrunch. The code siphoned off credit card data from unsuspecting customers to a server controlled by the hackers with a similar domain name — likely to avoid detection. The server even used an HTTPS certificate to blend in.”
September 18, 2018
On the web
GovPayNow.com Leaks 14M+ Records
Krebs on Security
“Government Payment Service Inc. — a company used by thousands of U.S. state and local governments to accept online payments for everything from traffic citations and licensing fees to bail payments and court-ordered fines — has leaked more than 14 million customer records dating back at least six years, including names, addresses, phone numbers and the last four digits of the payer’s credit card.”
September 7, 2018
On the web
UK banks battle to deal with British Airways data breach
Banking Technology
“In the wake of the British Airways (BA) data breach, UK banks have flown into action to deal with potential banking and payments issues. BA says customer data was stolen from its website and mobile app. About 380,000 transactions were affected. The stolen data did not include travel or passport details.”
August 30, 2018
On the web
Fiserv Flaw Exposed Customer Data at Hundreds of Banks
“This would allow any customer of the bank to spy on the daily transaction activity of other customers, and perhaps even target customers who signed up for high minimum balance alerts (e.g., “alert me when the available balance goes below $5,000”).”
August 3, 2018
On the web
Credit Card Issuer TCM Bank Leaked Applicant Data For 16 Months
Krebs on Security
“TCM Bank, a company that helps more than 750 small and community U.S. banks issue credit cards to their account holders, said a Web site misconfiguration exposed the names, addresses, dates of birth and Social Security numbers of thousands of people who applied for cards between early March 2017 and mid-July 2018. TCM is a subsidiary of Washington, D.C.-based ICBA Bancard Inc., which helps community banks provide a credit card option to their customers using bank-branded cards. In a letter being mailed to affected customers today, TCM said the information exposed was data that card applicants uploaded to a Web site managed by a third party vendor. TCM said it learned of the issue on July 16, 2018, and had the problem fixed by the following day.”