http://blog.wired.com/27bstroke6/2009/02/volunteer-group.html By Kim Zetter Threat Level Wired.com February 19, 2009 Days before Heartland Payment Systems admitted to a computer intrusion that likely exposed hundreds of thousands of consumers to fraud, a group of volunteer security professionals sniffed out the truth on their own. For years, researchers with the nonprofit Open Security Foundation have been scouring press reports, bank websites and other sources for information on consumer data spills, tallying more than 394 million records lost or compromised in 1,700 incidents since 2000. In January, acting on a tip, David Shettler and his fellow foundation volunteers started looking for customer breach notifications coming from regional banks around the United States, and quickly found a pattern. A Jan. 17 story out of Maine indicated that Kennebec Savings Bank was informing 1,500 customers that their debit cards may have been compromised on a third party's system. Just two days later, a Kentucky newspaper reported that the local Forcht Bank had canceled 8,500 of its 22,000 customer debit cards because of an unspecified breach. The more the volunteers looked, the more cases they found, ultimately discovering notifications in five states. "They were issuing a bunch of cards, which suggested this was pretty big," says Shettler, who is also senior technical services engineer at the College of the Holy Cross in Massachusetts. "We knew we had kind of fallen on something." The foundation is accustomed to reading breach-disclosure tea leaves. The group is one of a handful of citizen and nonprofit groups that collect breach data from around the United States and serve as watchdogs to ensure that poor security practices are exposed and fixed. The group's work, posted on its DataLossDB website, is used by the Government Accountability Office and other U.S. agencies, as well as by identity-theft organizations, consumer rights groups, security firms and academics. Last year alone DataLoss cataloged 551 separate breaches of consumer information. [...] _______________________________________________ Best Selling Security Books and More! http://www.shopinfosecnews.org/Received on Fri Feb 20 2009 - 01:46:30 PST
This archive was generated by hypermail 2.2.0 : Fri Feb 20 2009 - 01:53:48 PST