Forget hackers, Indian call center workers may be stealing your financial data

[security curmudgeon <jericho () attrition org>]

http://www.itworld.com/security/261506/forget-hackers-indian-call-center-workers-may-be-stealing-your-financial-data

Forget hackers, Indian call center workers may be stealing your financial 
data
Undercover reporters offered data on debit cards, mortgages, credit and 
other intimate customer info
By Kevin Fogarty

March 23, 2012, 11:37 AM - Hackers and hacktivists may be responsible for 
more data breaches than insiders, cybercrimes may be getting easier to 
commit - according to the FBI, at least - and the Internet may have become 
such a bad neighborhood that it requires not one, but two oppressively 
harsh, unrealistically broad bills in Congress to combat it.

That doesn't mean light fingers have no place in the world of crime 
anymore; even crime involving identity and data theft.

According to a story in the U.K.'s Daily Mail, workers at several call 
centers in India have been making money on the side by recording as many 
as 45 separate points of data on half a million British customers and 
selling them for as little as two pence per record.

The information includes names, debit and credit-card numbers (along with 
expiration dates and CCV/CVV codes), medical and financial records.

Reporters from the Sunday Times uncovered the scheme by going undercover 
as buyers. Two men calling themselves "IT consultants" claimed to have 
been selling the information for so long they could tell which banks 
issued a credit card simply by looking at the number.

They said they could also get data on mortgages, loans, insurance 
policies, cell-phone contracts and other accounts, most less than 72 hours 
old.

[..]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.