Category Archives: Data Breaches

Stories about data breaches at retailers, corporations, governments and organizations of all sizes.

In Damage Control, Sony Targets Reporters

December 15, 2014

Over the weekend I received a nice holiday letter from lawyers representing Sony Pictures Entertainment, demanding that I cease publishing detailed stories about the company’s recent hacking and delete any company data collected in the process of reporting on the breach. While I have not been the most prolific writer about this incident to date, rest assured such threats will not deter this reporter from covering important news and facts related to the breach.

Unencrypted Data Lets Thieves ‘Charge Anywhere’

December 9, 2014

58 Comments

Charge Anywhere LLC, a New Jersey mobile payments provider, today disclosed that malicious software planted on its networks may have jeopardized credit card data from transactions the company handled between November 2009 and September 2014.

Toward a Breach Canary for Data Brokers

December 8, 2014

53 Comments

When a retailer’s credit card systems get breached by hackers, banks usually can tell which merchant got hacked soon after those card accounts become available for purchase at underground cybercrime shops. But when commercial data brokers get hacked or are tricked into giving consumers’ data to identity thieves, there is no easy way to tell who leaked the information when it ends up for sale in the black market. In this post, we’ll examine one idea to hold consumer data brokers more accountable.

Bebe Stores Confirms Credit Card Breach

December 5, 2014

14 Comments

In a statement released this morning, women’s clothier chain bebe stores inc. confirmed news first reported on this blog Thursday: That hackers had stolen customer card data from stores across the country in a breach that persisted for several weeks last month.

Banks: Credit Card Breach at Bebe Stores

December 4, 2014

48 Comments

Data gathered from several financial institutions and at least one underground cybercrime shop suggest that thieves have stolen credit and debit card data from Bebe Stores Inc., a nationwide chain of some 200 women’s clothing stores. Earlier this week, KrebsOnSecurity… Read More »

Link Found in Staples, Michaels Breaches

November 17, 2014

60 Comments

The breach at office supply chain Staples impacted roughly 100 stores and was powered by some of the same criminal infrastructure seen in the intrusion disclosed earlier this year at Michaels craft stores, according to sources close to the investigation.

Home Depot: Hackers Stole 53M Email Addresses

November 7, 2014

81 Comments

As if the credit card breach at Home Depot didn’t already look enough like the Target breach: Home Depot said yesterday that the hackers who stole 56 million customer credit and debit card accounts also made off with 53 million customer email addresses.

How to Tell Data Leaks from Publicity Stunts

October 29, 2014

47 Comments

In an era when new consumer data breaches are disclosed daily, fake claims about data leaks are sadly becoming more common. These claims typically come from fame-seeking youngsters who enjoy trolling journalists and corporations, and otherwise wasting everyone’s time. Fortunately, a new analysis of recent bogus breach claims provides some simple tools that anyone can use to quickly identify fake data leak claims.

‘Spam Nation’ Publisher Discloses Card Breach

October 23, 2014

40 Comments

In the interests of full disclosure: Sourcebooks, the company that on Nov. 18 is publishing my upcoming book about organized cybercrime, disclosed last week that a breach of its Web site shopping cart software may have exposed customer credit card and personal information.

Fortunately, this breach does not affect readers who have pre-ordered Spam Nation through the retailers I’ve been recommending — Amazon, Barnes & Noble, and Politics & Prose. I mention this breach mainly to get out in front of it, and because of the irony and timing of this unfortunate incident.

Banks: Credit Card Breach at Staples Stores

October 20, 2014

94 Comments

Multiple banks say they have identified a pattern of credit and debit card fraud suggesting that several Staples Inc. office supply locations in the Northeastern United States are currently dealing with a breach involving in-store customer transactions. Staples says it is investigating “a potential issue” and has contacted law enforcement.