Home · Security

Home Depot breach a near certainty, yet Backoff remains a question

Home Depot has not yet confirmed that a slew of fraudulent transactions came from a breach of its systems, yet an increasing body of evidence is mounting that points to a massive compromise linked to the home-supply retail chain. Financial institutions first detected the suspected breach when a wave of fraudulent transactions on cards had been used at Home Depot. On Wednesday, journalist and blogger Brian Krebs, who originally broke the story, analyzed the zip codes of a recent batch of stolen cards offered for sale on the underground and found a 99 percent match with the locations of Home Depot's stores.

Such a correlation is a "smoking gun," Lucas Zaichkowsky, enterprise defense architect at AccessData, a digital forensics and security services firm, said in an e-mail interview. Whether Home Depot has been breached is no longer a question, he said.

"The bigger question is why Home Depot didn’t detect the attackers as they maneuvered from their initial entry point past multiple layers of defense, performing internal reconnaissance and escalating privileges in the process," Zaichkowsky said. More...

09-05-2014 05:40

Data breach at UPS Stores in 24 states

United Parcel Service has discovered a computer breach at 51 stores, making Big Brown the latest retailer to lose customer data.

UPS said that the hacking had escaped detection at stores in 24 states, or around 1% of its locations. At most stores, the malware attack occurred after March 26, and was eliminated by August 11.

No fraud has yet been discovered, UPS said, but customer names, postal addresses, email addresses and payment card information were compromised.

Tim Davis, president of The UPS Store, apologized in a statement for any anxiety the theft may have caused customers. He said the company had deployed "extensive resources to quickly address and eliminate this issue."

Each UPS Store is franchised and runs separate computer systems, which may have helped limit the extent of the attack. UPS said the bug was not found at any of its other businesses. More...

08-21-2014 14:52

Hospital network hacked, 4.5 million records stolen

Community Health Systems, which operates 206 hospitals across the United States, announced on Monday that hackers recently broke into its computers and stole data on 4.5 million patients.

Hackers have gained access to their names, Social Security numbers, physical addresses, birthdays and telephone numbers.

Anyone who received treatment from a physician's office tied to a network-owned hospital in the last five years -- or was merely referred there by an outside doctor -- is affected.

The large data breach puts these people at heightened risk of identity fraud. That allows criminals open bank accounts and credit cards on their behalf, take out loans and ruin personal credit history.

The company's hospitals operate in 28 states but have their most significant presence in Alabama, Florida, Mississippi, Oklahoma, Pennsylvania, Tennessee and Texas. More...

08-18-2014 21:17

<< First < Previous [1 / 39] Next > Last >>