[ISN] Group Spots Giant Hacks by Combing Small Newspapers

From: InfoSec News <alerts_at_private>
Date: Fri, 20 Feb 2009 03:46:30 -0600 (CST)
http://blog.wired.com/27bstroke6/2009/02/volunteer-group.html

By Kim Zetter 
Threat Level
Wired.com
February 19, 2009

Days before Heartland Payment Systems admitted to a computer intrusion 
that likely exposed hundreds of thousands of consumers to fraud, a group 
of volunteer security professionals sniffed out the truth on their own.

For years, researchers with the nonprofit Open Security Foundation have 
been scouring press reports, bank websites and other sources for 
information on consumer data spills, tallying more than 394 million 
records lost or compromised in 1,700 incidents since 2000.

In January, acting on a tip, David Shettler and his fellow foundation 
volunteers started looking for customer breach notifications coming from 
regional banks around the United States, and quickly found a pattern.

A Jan. 17 story out of Maine indicated that Kennebec Savings Bank was 
informing 1,500 customers that their debit cards may have been 
compromised on a third party's system. Just two days later, a Kentucky 
newspaper reported that the local Forcht Bank had canceled 8,500 of its 
22,000 customer debit cards because of an unspecified breach. The more 
the volunteers looked, the more cases they found, ultimately discovering 
notifications in five states.

"They were issuing a bunch of cards, which suggested this was pretty 
big," says Shettler, who is also senior technical services engineer at 
the College of the Holy Cross in Massachusetts. "We knew we had kind of 
fallen on something."

The foundation is accustomed to reading breach-disclosure tea leaves. 
The group is one of a handful of citizen and nonprofit groups that 
collect breach data from around the United States and serve as watchdogs 
to ensure that poor security practices are exposed and fixed. The 
group's work, posted on its DataLossDB website, is used by the 
Government Accountability Office and other U.S. agencies, as well as by 
identity-theft organizations, consumer rights groups, security firms and 
academics. Last year alone DataLoss cataloged 551 separate breaches of 
consumer information.

[...]


_______________________________________________      
Best Selling Security Books and More!
http://www.shopinfosecnews.org/
Received on Fri Feb 20 2009 - 01:46:30 PST

This archive was generated by hypermail 2.2.0 : Fri Feb 20 2009 - 01:53:48 PST