BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

USC investigates credit card security breach

From: security curmudgeon <jericho () attrition org>
Date: Fri, 6 Jul 2012 22:34:13 -0500 (CDT)


---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://dailytrojan.com/2012/06/28/usc-investigates-credit-card-security-breach/

By Daniel Rothberg
Daily Trojan
June 28, 2012

A forensic investigation led by Ernst & Young found instances of credit 
card theft at several USC Hospitality venues over at least a one-month 
period, according to an email from Dan Stimmler, associate senior vice 
president of auxiliary services. Credit card numbers were obtained because 
of a breach in third-party software that the university installed three 
years ago, Stimmler said to the Daily Trojan.

Though credit card numbers were stolen, no personal information was 
compromised, the email said.

The university received its first reported theft June 20 and contracted 
Ernst & Young the following day to gather more details, investigate who 
might be responsible and look into ways to prevent a future security 
breach, Stimmler said. According to the email, the investigation has found 
that the thefts began on May 21 -- or possibly earlier -- and ended June 
21 after USC Auxiliary Services discovered the breach and shut down the 
system.

The affected hospitality venues include the Ronald Tutor Campus Center, 
Seeds, The Lab and the Starbucks on the Health Sciences Campus.

[...]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.
Previous By Date Next
Previous By Thread Next

Current thread: