funsec mailing list archives
Fwd: [ISN] U.S. Bank allegedly concealed data breach
From: Paul Ferguson <fergdawgster () gmail com>
Date: Wed, 8 Dec 2010 10:26:47 -0800
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

FYI,

- - ferg

- ---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>
Date: Wed, Dec 8, 2010 at 3:07 AM
Subject: [ISN] U.S. Bank allegedly concealed data breach
To: isn () infosecnews org

http://www.startribune.com/business/111499139.html

By DAN BROWNING
Star Tribune
December 7, 2010

A tiny mom- and daughter-owned company in Arizona is taking aim at U.S. Bank in a class-action lawsuit that alleges the bank failed to protect them and countless other online merchants from crooks who breached the bank's credit card database.

In a lawsuit filed last month in Hennepin County and removed to U.S. District Court in Minneapolis this week, the company Paintball Punks alleges that between August and December 2009, it received nine orders totaling $11,259.91 that were fraudulently billed to U.S. Bank-issued credit cards.

That's not a huge amount, but the potential client base from U.S. Bank's $16 billion credit card portfolio drew the attention of two major law firms that specialize in class-action cases. U.S. Bank said potential damages could exceed the $5 million threshold required under the Class Action Fairness Act of 2005.

The Arizona firm sells paintball supplies online. It claims that before it shipped out any merchandise, it took all the required steps to verify cardholders' identities, including checking the security codes on the backs of credit cards and cross-referencing the shipping addresses against the cardholders' billing addresses on file with the bank.

Even so, after the actual account holders disputed the charges, U.S. Bank tapped into Paintball Punks' bank account in what's known as a "chargeback" and recouped the money from the bogus transactions.

According to the lawsuit, Minneapolis-based U.S. Bank covered up a breach of its own security systems and shifted the cost of fraudulent charges onto merchants.

[...]
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.3 (Build 5003)

wj8DBQFM/83fq1pz9mNUZTMRAo/NAJ9zhvZbyqEEHn52Vp18+cKHcEvuUACgrVWH
IlIFWwojjPlsWtLDWHvL768=
=Q0PL
-----END PGP SIGNATURE-----

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawgster(at)gmail.com
ferg's tech blog: http://fergdawg.blogspot.com/

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.