Cyberthieves reportedly raiding bank accounts via stolen Home Depot data

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.twincities.com/crime/ci_26497968/cyberthieves-reportedly-raiding-bank-accounts-via-stolen-home.html

The massive data breach at Home Depot is being followed by a spike in
fraudulent withdrawals from ATMs, tech blogger Brian Krebs is warning.

Stolen debit card data is being used to create counterfeit cards -- and
"multiple financial institutions" report that thieves are able to change
the PIN numbers, allowing criminals access to bank accounts, Krebs wrote
Monday.

Krebs is a former Washington Post reporter who broke the news of the Target
data breach last year and the Home Depot one last week.

On Monday, Home Depot confirmed that thieves had broken into its
payment-card system, starting in April and continuing at least until
August. The breach appears to have affected more than 2,000 Home Depot
stores across the United States and Canada. H

On his blog Monday, Krebs told of an unidentified West Coast bank that had
"lost more than $300,000 in two hours today to PIN fraud on multiple debit
cards that had all been used recently at Home Depot."

A New England bank told Krebs that it "experienced more than $25,000 in PIN
debit fraud at ATMs in Canada." A bank employee told Krebs that "thieves
were able to change the PINs on the cards using the bank's automated VRU
(Voice Response Unit) system."

Cybercriminals appear to have stolen millions of card numbers, customers'
names and other information from Home Depot shoppers.

Home Depot said Monday "there is no evidence that debit PIN numbers were
compromised" in the breach.

But Krebs reports that thieves are finding ways to alter PIN numbers
anyway, thanks in part to the amount of information they've stolen. And
once they've altered PINs, thieves can also gain access to bank accounts.

By Krebs' account, thieves are combining two sources of stolen information
-- debit numbers and cardholder names from the data breach, with Social
Security numbers illegally bought from other sources. By melding all that
information, they're tricking automated banking systems into changing PINs.

Now that banks know of the problem, Krebs said, they're starting to demand
even more verifying information before a PIN can be changed. Banks also
stressed that customers are not liable for losses, if they notify financial
institutions of any suspicious activity.

A Wells Fargo spokesman declined to comment specifically on the Home Depot
breach. But the bank said in a statement, "We continually monitor accounts
for unusual patterns and activity. If a customer is impacted by fraud, they
are protected by Zero Liability -- meaning that if a Wells Fargo Credit
card, debit card or number is ever lost, stolen or used without
authorization and the cardholder provides us with prompt notification, the
customer is protected against liability for any unauthorized transactions."

Wells Fargo spokesman Kristopher Dahl said if customers are concerned, they
can set up alerts and other monitoring on their accounts. A Wells Fargo
operator can help explain those options, Dahl added.

Home Depot didn't reveal how many customers had their card-data stolen, but
some experts believe it's even larger than the 40 million cards stolen in
the two-week holiday season Target breach last year.

Like with Target, huge batches of stolen credit and debit card numbers are
now showing up on overseas online "card shops," where sensitive information
is sold in clusters for other thieves to buy, Krebs reported.

The Home Depot breach is only the latest in a series of credit-card heists,
thought to be conducted by cybercriminals located in Russia or Eastern
Europe. Target, Neiman Marcus, Cub Foods' owner Supervalu, Goodwill, Dairy
Queen and other retailers have all been hit in the past year.

The U.S. Department of Homeland Security estimates that payment networks
are so badly compromised that more than 1,000 U.S. merchants large and
small have been hit with security breaches in the past year.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!