BreachExchange mailing list archives
Cyberthieves reportedly raiding bank accounts via stolen Home Depot data
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Thu, 11 Sep 2014 20:00:53 -0600
http://www.twincities.com/crime/ci_26497968/cyberthieves-reportedly-raiding-bank-accounts-via-stolen-home.html The massive data breach at Home Depot is being followed by a spike in fraudulent withdrawals from ATMs, tech blogger Brian Krebs is warning. Stolen debit card data is being used to create counterfeit cards -- and "multiple financial institutions" report that thieves are able to change the PIN numbers, allowing criminals access to bank accounts, Krebs wrote Monday. Krebs is a former Washington Post reporter who broke the news of the Target data breach last year and the Home Depot one last week. On Monday, Home Depot confirmed that thieves had broken into its payment-card system, starting in April and continuing at least until August. The breach appears to have affected more than 2,000 Home Depot stores across the United States and Canada. H On his blog Monday, Krebs told of an unidentified West Coast bank that had "lost more than $300,000 in two hours today to PIN fraud on multiple debit cards that had all been used recently at Home Depot." A New England bank told Krebs that it "experienced more than $25,000 in PIN debit fraud at ATMs in Canada." A bank employee told Krebs that "thieves were able to change the PINs on the cards using the bank's automated VRU (Voice Response Unit) system." Cybercriminals appear to have stolen millions of card numbers, customers' names and other information from Home Depot shoppers. Home Depot said Monday "there is no evidence that debit PIN numbers were compromised" in the breach. But Krebs reports that thieves are finding ways to alter PIN numbers anyway, thanks in part to the amount of information they've stolen. And once they've altered PINs, thieves can also gain access to bank accounts. By Krebs' account, thieves are combining two sources of stolen information -- debit numbers and cardholder names from the data breach, with Social Security numbers illegally bought from other sources. By melding all that information, they're tricking automated banking systems into changing PINs. Now that banks know of the problem, Krebs said, they're starting to demand even more verifying information before a PIN can be changed. Banks also stressed that customers are not liable for losses, if they notify financial institutions of any suspicious activity. A Wells Fargo spokesman declined to comment specifically on the Home Depot breach. But the bank said in a statement, "We continually monitor accounts for unusual patterns and activity. If a customer is impacted by fraud, they are protected by Zero Liability -- meaning that if a Wells Fargo Credit card, debit card or number is ever lost, stolen or used without authorization and the cardholder provides us with prompt notification, the customer is protected against liability for any unauthorized transactions." Wells Fargo spokesman Kristopher Dahl said if customers are concerned, they can set up alerts and other monitoring on their accounts. A Wells Fargo operator can help explain those options, Dahl added. Home Depot didn't reveal how many customers had their card-data stolen, but some experts believe it's even larger than the 40 million cards stolen in the two-week holiday season Target breach last year. Like with Target, huge batches of stolen credit and debit card numbers are now showing up on overseas online "card shops," where sensitive information is sold in clusters for other thieves to buy, Krebs reported. The Home Depot breach is only the latest in a series of credit-card heists, thought to be conducted by cybercriminals located in Russia or Eastern Europe. Target, Neiman Marcus, Cub Foods' owner Supervalu, Goodwill, Dairy Queen and other retailers have all been hit in the past year. The U.S. Department of Homeland Security estimates that payment networks are so badly compromised that more than 1,000 U.S. merchants large and small have been hit with security breaches in the past year.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus on the right security. If you need security help or want to provide real risk reduction for your clients contact us!
Current thread:
- Cyberthieves reportedly raiding bank accounts via stolen Home Depot data Audrey McNeil (Sep 18)