funsec mailing list archives

Fwd: [ISN] U.S. Bank allegedly concealed data breach


From: Paul Ferguson <fergdawgster () gmail com>
Date: Wed, 8 Dec 2010 10:26:47 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

FYI,

- - ferg


- ---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>
Date: Wed, Dec 8, 2010 at 3:07 AM
Subject: [ISN] U.S. Bank allegedly concealed data breach
To: isn () infosecnews org


http://www.startribune.com/business/111499139.html

By DAN BROWNING
Star Tribune
December 7, 2010

A tiny mom- and daughter-owned company in Arizona is taking aim at U.S.
Bank in a class-action lawsuit that alleges the bank failed to protect
them and countless other online merchants from crooks who breached the
bank's credit card database.

In a lawsuit filed last month in Hennepin County and removed to U.S.
District Court in Minneapolis this week, the company Paintball Punks
alleges that between August and December 2009, it received nine orders
totaling $11,259.91 that were fraudulently billed to U.S. Bank-issued
credit cards.

That's not a huge amount, but the potential client base from U.S. Bank's
$16 billion credit card portfolio drew the attention of two major law
firms that specialize in class-action cases. U.S. Bank said potential
damages could exceed the $5 million threshold required under the Class
Action Fairness Act of 2005.

The Arizona firm sells paintball supplies online. It claims that before
it shipped out any merchandise, it took all the required steps to verify
cardholders' identities, including checking the security codes on the
backs of credit cards and cross-referencing the shipping addresses
against the cardholders' billing addresses on file with the bank.

Even so, after the actual account holders disputed the charges, U.S.
Bank tapped into Paintball Punks' bank account in what's known as a
"chargeback" and recouped the money from the bogus transactions.

According to the lawsuit, Minneapolis-based U.S. Bank covered up a
breach of its own security systems and shifted the cost of fraudulent
charges onto merchants.

[...]

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.3 (Build 5003)

wj8DBQFM/83fq1pz9mNUZTMRAo/NAJ9zhvZbyqEEHn52Vp18+cKHcEvuUACgrVWH
IlIFWwojjPlsWtLDWHvL768=
=Q0PL
-----END PGP SIGNATURE-----



-- 
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawgster(at)gmail.com
 ferg's tech blog: http://fergdawg.blogspot.com/

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

