The Green Sheet Online Edition
January 1, 2014 • 14:01:02
Breaches across America – 2013
#h3West
California
Multiple locations, March 19, 2013 – Subway restaurants in California, Massachusetts and Wyoming experienced fraud when a former Subway franchise owner, working with an accomplice, sold POS software and later hacked into at least 13 POS systems to create fraudulent Subway gift cards worth an estimated $40,000. Both participants were indicted on March 6.
San Francisco, May 10, 2013 – A flaw in Coinbase's bitcoin wallet platform exposed information of an unknown number of merchants, including email addresses, and was detected when a phishing attack targeted merchants with emails that appeared to come from Coinbase.
San Francisco, May 22, 2013 – At least 22,900 customers who used the Vendini Inc. server to purchase tickets online may have had financial information compromised during a March 2013 breach incident detected April 25, 2013. #h3Southwest
Arizona
Phoenix, Feb. 25, 2013 – Credit card terminals in Sprouts Farmers Markets LLC stores in 19 Arizona and California locations were infected by malware between Jan. 25 and 29, 2013. Sprouts reportedly identified the issue within days of the breach and took immediate action.
Tempe, Aug. 8, 2013 – The names, dates of birth, security question answers, last four digits of credit card numbers and mileage of 7,700 US Airways Group Dividend Miles accountholders appears to have been compromised; mileage was reported stolen from accessed accounts.
Phoenix, Nov. 27, 2013 – An unspecified data breach potentially exposed the names, Social Security numbers (SSNs), bank and academic records of 2.9 million students, employees and vendors of Maricopa County Community College District and could cost $14 million to correct.
#h3Midwest
Illinois
Chicago, Oct. 21, 2013 – Experian Information Solutions Inc. subsidiary Court Ventures Inc. reportedly gave SSNs, as well as driver's license, credit card and other personal data to fraudsters posing as legitimate private investigators, affecting about 500,000 consumers.
Missouri
St. Louis, April 10, 2013 – Between December 2012 and March 29, 2013, a breach affecting 500,000 customers using debit and credit cards at 79 Schnuck Markets Inc. locations, may have compromised card numbers and expiration dates without exposing any customer names.
Kirkwood, Nov. 4, 2013 – Hackers obtained plain text archives that contained credit card numbers, expiration dates, names and addresses of 850,000 CorporateCarOnline.com limousine and ground transportation customers. Minnesota
Minneapolis, Dec. 19, 2013 – Between Nov. 27, 2013 and Dec. 15, 2013, hackers reportedly accessed debit and credit card information, including PINs, of 70 million individuals using payment cards at Target Corp. stores; online customers apparently were not affected.
#h3South
Arkansas
Little Rock, Sept. 20, 2013 – Two men pleaded guilty to placing skimming devices on gas pumps at Murphy USA stations in two states; they posted $400,000 in charges on fraudulent cards between April 2012 and January 2013, impacting 50 to 500 customer accounts.
Florida
Aventura, Oct. 10, 2013 – Six skimming devices equipped with cameras were discovered in a Nordstrom store. Witnesses reported seeing six individuals who entered the store on Oct. 5, split into groups of three and distracted sales reps while tampering with the registers.
Georgia
Columbus, Oct. 31, 2013 – Spreadsheets with the names, SSNs, dates of birth and home addresses of former Total System Services Inc. employees were emailed to a personal address of a temporary staffing agency employee working with Paragon Benefits Inc. The individual was apprehended and charged with felony identity theft.
#h3Northeast
New York
New York, March 28 and 29, 2013 – On March 28, the JPMorgan Chase website was taken offline for a day due to a distributed-denial-of-service attack. One day later, the American Express Co. website was offline for two hours due to a similar hacker-related incident.
New York, July 26, 2013 – Malware installed on servers from November 2008 to October 2010 allowed hackers to execute commands, alter and steal data from NASDAQ OMX Group Inc. computers. Five foreign hackers were subsequently charged in a series of financial incidents targeting major corporate networks that resulted in exposure of over 160 million credit cards.
New York, Dec. 5, 2013 – An investigation found hackers were able to access personal information that included passwords, of 465,000 JPMorgan Chase prepaid Ucards in July 2013. This affected corporate payroll and government tax refund, unemployment, and benefit payments.
Maryland
Gaithersburg, Nov. 28, 2013 – CVS Pharmacy Inc. agreed to a $250,000 settlement with the Maryland Attorney General, who charged its Maryland CVS Pharmacy LLC with failure to protect sensitive information when it disposed of patient records in publicly accessible places.
(Source: Privacy Rights Clearinghouse)
Whether you want to upgrade your POS offerings, find a payment gateway partner, bone up on fintech regs or PCI requirements, find an upcoming trade show, read about faster payments, or discover the latest innovations in merchant acquiring, The Green Sheet is the resource for you. Since 1983, we've helped empower and connect payments professionals, starting with the merchant level salespeople who bring tailored payment acceptance and digital commerce tools, along with a host of other business services to merchants across the globe. The Green Sheet Inc. is also a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals.
Notice to readers: These are archived articles. Contact information, links and other details may be out of date. We regret any inconvenience.
