The UPS Store discovered malware... at 51 locations in 24 states (about 1%) of 4,470 franchised center locations throughout the United States.
Information of customers who used a credit or debit card at the 51 impacted franchised center locations between January 20, 2014 and August 11, 2014 may have been exposed.
The customer information that may have been exposed includes names, postal addresses, email addresses and payment card information.
The time intervals between card data breaches are rapidly decreasing. The day is not far off when we start getting news like this every day, or even several times a day, because there is nothing that realistically can stop hackers from breaking into the stores and point-of-sale machines. The payment card technology is insecure by design, and there is no easy and cheap solution for this problem.
7 reasons why we’re going to see more card data breaches at our favorite retail stores (my article just published by Venture Beat)
Venture Beat just published my review of the situation with payment card security, which basically answers the question: are we going to see more card data breaches?
Supervalu and Albertsons are the latest retail chains to get hit by credit card breaches, but they won’t be the last. Here's why.
In addition to the Albertson's stores breach, there are more Supervalu stores under different brands affected by the breach. The two breaches are connected, as apparently the Albertson's stores use the same POS/payment software and/or payment gateway services provided by Supervalu:
Some stores owned and operated by Albertson’s LLC and New Albertson’s, Inc. suffered a related criminal intrusion. SUPERVALU provides information technology services to these Albertson’s LLC and New Albertson’s, Inc. stores pursuant to transition services agreements, and we have been working together to respond to the intrusion into their stores.
I have written an article with an analysis of all recent breaches and a prediction regarding further breaches. It will be published soon in one of the magazines and/or in my blog. Stay tuned.
This is a brief and clear explanation of the Bitcoin transaction malleability bug which caused the bankruptcy and shutdown of Mt. Gox - one of the biggest Bitcoin exchanges. There is a reference to the slides from the original presentation at the recent Black Hat USA 2014 conference.
Just another grim story in the series of card data breaches... We will see more and more breaches like this until the industry realizes that the current payment card technologies - EMV is no exception - are insecure by design, it is nearly impossible to patch them, and they should be replaced by something else!
I like this excerpt from Dan Geer's keynote at Black Hat USA 2014:
Our choices are Freedom, Security, Convenience -- Choose Two
The full transcript of the keynote is available here.
This is a visual representation of my Hacking Point of Sale talk at the Tripwire booth at Black Hat USA 2014. Thanks, Tripwire, for this opportunity to present and sign the book!
I gave a brief interview to The Register about the role of PCI in recent retail card data breaches.
I'll be doing two one-hour book signings at the Black Hat USA 2014 and DEF CON 22 conferences in Las Vegas:
Black Hat USA 2014:
August 6, 2014, 5:30 pm
Mandalay Bay Conference Center, Tripwire booth 141
(I'll be doing a short presentation before the book signing)
DEF CON 22:
August 8, 2014, 11:00 am
Rio Hotel & Casino, No Starch Press community table in Vendor Area
Can someone shed light on this ghostly "payment card industry fraud investigative unit"? I stumbled upon this name in a post on Brian Krebs's blog about potential card data in Goodwill Industries. But googling this name did not return any distinct reference. Isn't such a unit, if it really exists, supposed to have some kind of communication portal for public relations, like IC3, for example?