BreachExchange mailing list archives

U.S. Bank allegedly concealed data breach


From: security curmudgeon <jericho () attrition org>
Date: Wed, 8 Dec 2010 05:56:36 -0600 (CST)



---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.startribune.com/business/111499139.html

By DAN BROWNING
Star Tribune
December 7, 2010

A tiny mom- and daughter-owned company in Arizona is taking aim at U.S. 
Bank in a class-action lawsuit that alleges the bank failed to protect 
them and countless other online merchants from crooks who breached the 
bank's credit card database.

In a lawsuit filed last month in Hennepin County and removed to U.S. 
District Court in Minneapolis this week, the company Paintball Punks 
alleges that between August and December 2009, it received nine orders 
totaling $11,259.91 that were fraudulently billed to U.S. Bank-issued 
credit cards.

That's not a huge amount, but the potential client base from U.S. Bank's 
$16 billion credit card portfolio drew the attention of two major law 
firms that specialize in class-action cases. U.S. Bank said potential 
damages could exceed the $5 million threshold required under the Class 
Action Fairness Act of 2005.

The Arizona firm sells paintball supplies online. It claims that before it 
shipped out any merchandise, it took all the required steps to verify 
cardholders' identities, including checking the security codes on the 
backs of credit cards and cross-referencing the shipping addresses against 
the cardholders' billing addresses on file with the bank.

Even so, after the actual account holders disputed the charges, U.S. Bank 
tapped into Paintball Punks' bank account in what's known as a 
"chargeback" and recouped the money from the bogus transactions.

According to the lawsuit, Minneapolis-based U.S. Bank covered up a breach 
of its own security systems and shifted the cost of fraudulent charges 
onto merchants.

[...]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list
