Which Retailers Besides Target and Neiman Marcus Have Been Hacked?

Image: Getty Images

This Week in Cybercrime We learned this week that the upscale retailer Neiman Marcus suffered basically the same security breach as the one that affected Target during the height of the holiday shopping season. Malware installed on its networks infected its point-of-sale system; the malicious code collected payment card data, including PINs, for 1.1 million customers.

While Neiman Marcus and Target—whose security lapse left credit card data for 70 million of its customers in the hands of cybercriminals—have been in the news, they’re not the only ones who've had their digital pockets picked. According to researchers at IntelCrawler, an online intelligence-gathering service that helps firms spot cyberthreats, chatter on forums where cybercriminals ply their trade has revealed that as many as six other retailers have also had their systems—and their customers’ information—compromised. IntelCrawler is not naming names, but says it is providing technical information related to the breaches to the appropriate authorities.

NSA Phone Snooping Illegal and Ineffective, Says Review Board

The U.S. government’s Privacy and Civil Liberties Oversight Board released a 238-page report [pdf] this week calling the National Security Agency’s collection of metadata related to U.S. residents’ phone calls illegal and recommending that the practice be ended. The panel concluded that the program not only “lacks a viable legal foundation under Section 215 [of the U.S. Patriot Act]” but has also been largely ineffective.

“We are aware of no instance in which the program directly contributed to the discovery of a previously unknown terrorist plot or the disruption of a terrorist attack,” said the board’s members. “And we believe that in only one instance over the past seven years has the program arguably contributed to the identification of an unknown terrorism suspect.”

Fill-Up Fraudsters Nabbed

A team of fraudsters who installed Bluetooth-enabled skimmers on the credit card readers at refueling stations across Texas, Georgia, and South Carolina were indicted this week. The thirteen defendants allegedly stole more than US $2 million from customers who filled their tanks at Raceway and RaceTrac stations between March 2012 and March 2013. Because the skimmers communicated via Bluetooth, the thieves could surreptitiously download the data without ever rousing suspicion. According to the criminal complaint, the gang used the stolen credit card information to produce phony cards that they subsequently used to withdraw cash and spread it across 70 different accounts in an effort to launder the money.

In Other Cybercrime News…

Image: Getty Images


Risk Factor

IEEE Spectrum's risk analysis blog, featuring daily news, updates and analysis on computing and IT projects, software and systems failures, successes and innovations, security threats, and more.

Robert Charette
Spotsylvania, Va.
Willie D. Jones
New York City