Posts Tagged ‘Credit card’

Amazon’s shoe retailer Zappos attacked – Data of 24m gets affected

January 18th, 2012
Zappos center in Kentucky

You love shopping online, don’t you? It is easy, less time consuming and you can do it in your pajamas! No need to drive in the middle of the night to shop and waste a gallon of gas! Just a click of a button and your gift is at your doorstep.

Hang on! The ‘easy’ shopping just got ‘difficult’ because you entered your credit card details online and now they are vulnerable. You thought they were secure but think again.

The recent hacking case of Zappos, Amazon’s shoe retailer, puts doubts in your mind about online shopping.

The news in detail

Information related to as many as 24 million customers was hacked into at the online shoe and clothing retailer Zappos. The retailer has requested customers to change passwords.
Zappos CEO Tony Hsieh posted an open letter online to all Zappos employees. Excerpts from the letter describe a “cyberattack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky.” “The most important focus for us now right now is the safety and security of our customers’ information. Within the next hour, we will begin the process of notifying the 24+ million customer accounts in our database about the incident and help them through the process of choosing a new password for their accounts,” the letter said, adding that the existing customer passwords had been terminated.
CEO Tony Hsieh further added, “We’ve spent over 12 years building our reputation, brand, and trust with our customers. It’s painful to see us take so many steps back due to a single incident.”
The hacker most probably gained access to customer names, email addresses, billing and shipping addresses, phone numbers, the last four digits of customer card numbers and each customer’s “cryptographically scrambled password.” Fortunately, full credit-card and payment information has not been accessed by the hacker. This is the biggest cyber-attack since the PlayStation Network hack last year. The site has been closed down for now, especially for its international users. According to Zappos, Amazon servers have not been affected by the hack.
Security revamp
Zappos is working with the police to investigate the matter and find out if the data was downloaded from its servers. The company does not yet know how or from where the attack originated. Zappos has discontinued its toll-free number and is responding only via email. Customers have been requested to change their passwords.
Alertsec strengthens security
Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.
Organisations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.
Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Stratfor site relaunched – Story continues

January 15th, 2012
Stratfor relaunches site post hack attack

Stratfor is officially back but its servers are heavily burdened due to its offer of free access. Stratfor CEO criticized the attackers for targeting the company, an email said. Stratfor aka Strategic Forecasting is back online after it was hacked into last month.

The new site

Stratfor relaunched the new site on Jan. 11, exactly 18 days after the hacking group Anonymous hacked into its servers on Dec. 24. The hackers broke into Stratfor’s servers, took away data related to its subscribers and also defaced the site. The information that was dumped online included 75,000 credit card numbers and 860,000 usernames and passwords. Almost 50,000 of the addresses had a .mil or .gov domain. According to a Stratfor spokesperson, there was going to be a delay with the site re-launch. The company planned to bring in a team of consultants and experts to tackle the security issues. The company further decided to move all credit card management activities to a third-party company so that customer data remained secure.

According to George Friedman, CEO of Stratfor, “This was our failure.” “I take responsibility. I deeply regret that this occurred and created hardship for our customers and friends.” “I felt bound to protect our customers, who quickly had to be informed about the compromise of their privacy. I also felt bound to protect the investigation,” Friedman said. The FBI had informed credit card companies of the breach and had provided a list of compromised cards, so “our customers were therefore protected,” he said, adding, “We were not compelled to undermine the investigation.” “This attack was clearly designed to silence us by destroying our records and the website.”

What went wrong?

Apparently Stratfor had failed to encrypt credit card data and had stored the information in cleartext. After the passwords were analyzed, it was seen that security practices were not followed. There was no check on passwords when they were created by users.

Friedman further added, “We were no longer an organization that analyzed the world for the interested public, but rather a group of incompetents, and conversely, the hub of a global conspiracy.” According to him, the media had publicized the “incompetents” part while the hacking community focused on the “global conspiracy” part.

Relaunch offer

The site was made free to all visitors for a limited time. But that did not last long: due to heavy traffic on the site, it had to be closed down. “Due to the high volume of interest in our new website, we are currently encountering a service interruption. We are working with outside experts to increase our capacity to handle the increased traffic to the new website,” according to a message posted at Stratfor.com.
Protect yourself with Alertsec

Organisations are now made aware about their data security and are implementing data encryption techniques. Alertsec uses encryption software to protect data from breaches and theft.
Alertsec Xpress is backed up by Check Point Full Disk Encryption and is used by over 4 million users worldwide, with single deployments exceeding 150,000 laptops and PCs. This is the most deployed software of its kind and is seen as today’s market leader.

Anonymous is back with a bang! This time they breach Stratfor Inc.

January 9th, 2012
Stratfor Inc hacked and credit card data stolen

Anonymous has always been in the news for data hacking and just when we were wondering what they were up to, they are here! This time they have been successful in breaching data of the security think tank Strategic Forecasting Inc, based out of Austin.

The details

The group managed to hack into Stratfor’s web site and get data about the company’s corporate subscribers. This resulted in the website being closed down temporarily. Anonymous was proud to announce that they stole passwords, credit card details, and home addresses of about 4,000 people on Stratfor’s private client list. Their plan was to use the credit card information to make fraudulent donations to charities. The hackers described the data on Pastebin, then provided several links to websites hosting the information. According to them, some 50,000 of the e-mail addresses released end in “.mil” or “.gov.”

Strangely enough, some representatives of the Anonymous group denied complete responsibility for the attacks. According to an Anonymous spokesman, “it does not attack media sources.” The organization has been known for its hacks on Sony’s PlayStation services, the Church of Scientology, as well as companies, banks, and organizations that supported WikiLeaks.

What business is Stratfor into?

The company offers clients such as the U.S. Air Force, the Miami Police Department, and Apple high-quality economic, political, and even military analysis, delivered daily via email, video, and the Web.

After the hack

Stratfor is offering a free one-year subscription to an identity protection service to those affected. Stratfor’s CEO, George Friedman confirmed on the company’s Facebook page on Monday that the hack disclosed the names of some corporate subscribers along with personal and credit card data.

Barrett Brown, spokesman for Anonymous, said, “This wealth of data includes correspondence with untold thousands of contacts who have spoken to Stratfor’s employees off the record over more than a decade.” “Many of those contacts work for major corporations within the intelligence and military contracting sectors, government agencies and other institutions.”

Stratfor’s chief George Friedman’s statement

“While addressing matters related to the breach of Stratfor’s data systems, the company has been made aware of false and misleading communications that have circulated within recent days,” said Friedman. “Specifically, there is a fraudulent email that appears to come from George.Friedman[@]Stratfor.com.”

High profile attacks are making the rounds and security agencies are scrambling to get the security policies of such companies in place. Stratfor’s website is under repair as of today and will take some time before it gets back in shape.

Alertsec equips firms with encryption software

Alertsec is here to take care of our security issues especially for anyone working with PCs. Alertsec Xpress is the service that automatically protects ALL information you store on your PC. The fact that we now buy more laptops than desktops shows that the information we all store is increasingly more vulnerable to be exposed. It is a much higher risk to lose a laptop than a desktop computer.

Encryption is the only secure method for complete protection of data stored on your hard disk. Today laptops are overtaking desktop PCs as the major source of computing and media storage, and they frequently store an organization’s most valuable information. Thus laptop encryption is becoming more and more important.

Alertsec Xpress offers full disk encryption and is therefore superior to other encryption methods when comparing security, performance, robustness and ease-of-use for both administrators and users.


ICO wants to maintain location privacy so that data is not misused

December 13th, 2011

Most of our posts have been concentrating on data breach and laptop theft. This one talks in particular about strengthening data security laws which is the need of the hour, especially for private firms.

The recently held conference called ‘A fine balance 2011: location and cyber privacy in the digital age’ focused on maintaining data privacy just when smart phones, credit cards and other devices are tracking user locations.

Here is what Jonathan Bamford, the head of strategic liaison from the Information Commissioner’s Office (ICO), had to say: “We need to inspire public trust into the way information is issued. What do we do as a regulatory option?” “There is no doubt that human activities have a geographic component and some may be more sensitive than others. Your phone is with you all the time so anything that relates to a smartphone can be very powerful in terms of how I live my life.”

It is very important to manage location data carefully, especially for those who develop operating systems and applications. Bamford further adds: “People who develop applications have a series of obligations as do those who create the operating systems. Everybody has a role to play.” “If location data is obtained how long do you retain it for? You can build up a picture of how I live my life if you retain it too long.”

Bamford also explained the ICO’s role in data security, especially in terms of audit inspections of government organizations. Currently the general public is under the impression that the information they fill in on any website is completely secure. They need to be able to keep this impression for a long time, hence data security is of utmost importance. People also need to know exactly what is being done with their data and where it is sent. This is where location-based services come in. All advertisers want your zip code. A zip code allows an advertiser/provider to get more insight into your life. Companies are getting closer to you with technologies like the iPhone.

It is time that the ICO keeps a tab on the private sector as well. These private companies are using location-based services and getting private data of customers. There is a very high chance of this data getting misused. Currently the ICO can only monitor government bodies. Companies like Facebook, Google and Groupon are a potential threat to privacy. To add oil to the fire, the development of IPv6 networks could be even more threatening as it will be able to access more private data.

According to Richard Hollis, US group of Information Systems Audit and Control Association, “As we match the physical world to the virtual world, by placing items such as fridges or even your car keys on the internet, firms could have even more access to your data, your location and your life.”

Use Alertsec
Organisations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.
Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

ICO wants to inspect private firms for data security issues


Vacationland Vendors admit to serious data breach

September 15th, 2011
Vending machine exposes visitors' personal data

Should you be staying away from vending machines? Many folks keep themselves away from vending machines for health’s sake.

There is one more reason to stay away now. Your personal information is at risk here! Folks swipe credit cards whilst buying from the vending machines, thereby storing personal data.

The following incident makes one think twice before putting that chip from the vending machine into your mouth.

A hacker gained entry into certain parts of Vacationland Vendors’ point-of-sale systems used to process payment-card transactions at Wilderness Resorts located in Tennessee and in the city of Wisconsin Dells, Wisconsin. The breach has affected around 40,000 people. The company’s spokesperson said “a computer hacker improperly acquired credit card and debit information.”

It is still not known how the breach was discovered or when. Whether those affected by the breach have been notified or not is also not known. The breach affected only arcade systems. Fortunately the resort operations and systems — reservations, restaurants, and shops — were not breached.

According to Vacationland, internal security has nothing to do with the breach at either of the two Wilderness Resorts. The statement further adds, “Vacationland Vendors has learned that other businesses just like its own have been affected by this computer hacker.”

Vacationland Vendors is working with an outside consultant and has beefed up its security of point of sale systems to protect from future breaches.

Customers who have used their credit card or debit card at the Wilderness Resort locations from December 12, 2008 through May 25, 2011 have been asked to take the following immediate steps in order to prevent the unauthorized and unlawful use of their personal information.

According to Bill Bray, spokesperson for the Wisconsin Dells-based Vacationland Vendors, the same intruder had hacked other businesses as well.

a. Keep a close watch on bank statements and credit card bills and if you notice something strange immediately get in touch with authorities.

b. Place a fraud alert on your consumer credit file. This can be done by contacting one of the three national credit reporting agencies – Equifax (800-525-6285), Experian (888-397-3742) or TransUnion (800-680-7289).

c. Inform the local law enforcement or the state attorney general of any incident related to identity theft.

How can Alertsec help?

Thus in the absence of full disk encryption, privacy of consumers is compromised. It is vital to use data encryption software in order to keep our data safe from breaches. Data security and recovery software is the need of the hour. $13/month is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software-licensing model.

Why is Alertsec the number 1 laptop encryption service?

3 easy steps to encrypt your data

a. Register for your subscription or 30-day free trial of our encryption software

b. Download and activate Alertsec Xpress online

c. Your laptop is now powered by Check Point Full Disk Encryption

