BreachExchange mailing list archives
U.S. Bank allegedly concealed data breach
From: security curmudgeon <jericho () attrition org>
Date: Wed, 8 Dec 2010 05:56:36 -0600 (CST)
---------- Forwarded message ---------- From: InfoSec News <alerts () infosecnews org> http://www.startribune.com/business/111499139.html By DAN BROWNING Star Tribune December 7, 2010 A tiny mom- and daughter-owned company in Arizona is taking aim at U.S. Bank in a class-action lawsuit that alleges the bank failed to protect them and countless other online merchants from crooks who breached the bank's credit card database. In a lawsuit filed last month in Hennepin County and removed to U.S. District Court in Minneapolis this week, the company Paintball Punks alleges that between August and December 2009, it received nine orders totaling $11,259.91 that were fraudulently billed to U.S. Bank-issued credit cards. That's not a huge amount, but the potential client base from U.S. Bank's $16 billion credit card portfolio drew the attention of two major law firms that specialize in class-action cases. U.S. Bank said potential damages could exceed the $5 million threshold required under the Class Action Fairness Act of 2005. The Arizona firm sells paintball supplies online. It claims that before it shipped out any merchandise, it took all the required steps to verify cardholders' identities, including checking the security codes on the backs of credit cards and cross-referencing the shipping addresses against the cardholders' billing addresses on file with the bank. Even so, after the actual account holders disputed the charges, U.S. Bank tapped into Paintball Punks' bank account in what's known as a "chargeback" and recouped the money from the bogus transactions. According to the lawsuit, Minneapolis-based U.S. Bank covered up a breach of its own security systems and shifted the cost of fraudulent charges onto merchants. [...] _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Learn encryption strategies that manage risk and shore up compliance. Download Article 1 of CREDANT Technologies' The Essentials Series: Endpoint Data Encryption That Actually Works http://credant.com/campaigns/realtime2/gap-LP1/
Current thread:
- U.S. Bank allegedly concealed data breach security curmudgeon (Dec 08)